Dear Wiki user, You have subscribed to a wiki page or wiki category on "Lenya Wiki" for change notification.
The following page has been changed by RainerSchoepf: http://wiki.apache.org/lenya/TomcatSecurityPolicy

New page:

= Using the Security Manager in Tomcat =

The [http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html Java SecurityManager] protects a Web application from other servlets, JSPs and the like.

The easiest way to run Lenya in Tomcat is to switch the Security Manager off, by removing the option {{{-security}}} from the Tomcat startup options.

If you want to run Lenya in Tomcat with the security manager enabled, you need to write a suitable policy. The appended code is a starting point, but it is incomplete. Put these lines into, e.g. {{{/etc/tomcat5/policy.d/50lenya.policy}}} (or wherever your policy files are located).

{{{
// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
//
// Different permissions can be granted to JSP pages, classes loaded from
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
//
// For instance, assume that the standard "examples" application
// included a JDBC driver that needed to establish a network connection to the
// corresponding database and used the scrape taglib to get the weather from
// the NOAA web server.  You might create a "grant" entries like this:
//
// The permissions granted to the context root directory apply to JSP pages.
// grant codeBase "file:${catalina.home}/webapps/examples/-" {
//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
//
// The permissions granted to the context WEB-INF/classes directory
// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
// };
//
// The permission granted to your JDBC driver
// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
// };
// The permission granted to the scrape taglib
// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };

grant codeBase "file:/var/lib/tomcat5/webapps/lenya/WEB-INF/classes/-" {
    // OS Specific properties to allow read access
    permission java.util.PropertyPermission "java.*", "read";
    permission java.util.PropertyPermission "awt.toolkit", "read";
    permission java.util.PropertyPermission "file.encoding", "read";
    permission java.util.PropertyPermission "user.*", "read";
    permission java.util.PropertyPermission "org.xml.sax.driver", "read";
    permission java.util.PropertyPermission "javax.xml.parsers.*", "read";
    permission java.util.PropertyPermission "org.quartz.properties", "read";
    permission java.util.PropertyPermission "org.xml.sax.driver", "write";
    permission java.io.FilePermission "quartz.properties", "read";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.io.FilePermission "/usr/lib/j2sdk1.5-sun/jre/lib/-", "read";
};

grant codeBase "file:/var/lib/tomcat5/webapps/lenya/WEB-INF/lib/-" {
    permission java.util.PropertyPermission "org.apache.cocoon.*", "read";
    permission java.util.PropertyPermission "context-root", "read";
    permission java.util.PropertyPermission "log4j.*", "read";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.io.FilePermission "/var/lib/tomcat5/webapps/lenya/WEB-INF/logs/-", "write";
    permission java.io.FilePermission "/usr/share/tomcat5/.cocoon/settings.properties", "read";
    permission java.io.FilePermission "/usr/lib/j2sdk1.5-sun/jre/lib/-", "read";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "createSecurityManager";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codebase "file:/var/cache/tomcat5/Catalina/localhost/lenya/cocoon-files/-" {
    permission java.util.PropertyPermission "user.*", "read";
    permission java.io.FilePermission "/var/lib/tomcat5/webapps/lenya", "read";
    permission java.io.FilePermission "/var/lib/tomcat5/webapps/lenya/-", "read";
};

grant {
    permission java.io.FilePermission "quartz.properties", "read";
    permission java.net.SocketPermission "*", "resolve";
    permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:/var/lib/tomcat5/webapps/cocoon/WEB-INF/classes/-" {
    permission java.util.PropertyPermission "javax.xml.parsers.*", "read";
    permission java.util.PropertyPermission "awt.toolkit", "read";
    permission java.util.PropertyPermission "file.encoding", "read";
    permission java.util.PropertyPermission "java.*", "read";
    permission java.util.PropertyPermission "user.*", "read";
    permission java.util.PropertyPermission "org.xml.sax.driver", "read, write";
    permission java.util.PropertyPermission "javax.xml.parsers.*", "read";
};

grant codeBase "file:/var/lib/tomcat5/webapps/cocoon/WEB-INF/lib/-" {
    permission java.util.PropertyPermission "org.apache.cocoon.*", "read";
    permission java.util.PropertyPermission "context-root", "read";
    permission java.util.PropertyPermission "log4j.*", "read";
    permission java.util.PropertyPermission "org.xml.sax.driver", "read, write";
    permission java.util.PropertyPermission "javax.xml.parsers.*", "read";
    permission java.util.PropertyPermission "awt.toolkit", "read";
    permission java.util.PropertyPermission "file.encoding", "read";
    permission java.util.PropertyPermission "java.*", "read";
    permission java.util.PropertyPermission "user.*", "read";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "createSecurityManager";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.io.FilePermission "/var/lib/tomcat5/webapps/cocoon/WEB-INF/logs/-", "write";
    permission java.io.FilePermission "/usr/share/tomcat5/.cocoon/settings.properties", "read";
    permission java.io.FilePermission "/usr/lib/j2sdk1.5-sun/jre/lib/-", "read";
};
}}}
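
Because the policy is described as an incomplete starting point, it helps to review which entries are broader than the rest before extending it. The Python script below is an added example, not part of the wiki page or of Lenya: it parses {{{grant}}} blocks and reports {{{PropertyPermission "*"}}} entries, narrower property entries they already imply, selected {{{RuntimePermission}}} targets, and grants without a {{{codeBase}}}. The function name {{{audit}}}, the {{{RISKY_RUNTIME}}} set and the sample text are this example's own choices, and it assumes only the {{{codeBase}}} form of {{{grant}}} used on this page.

```python
import re

# Constructed sample: a shortened excerpt of the policy shown on this page.
SAMPLE_POLICY = '''
// Lenya libraries
grant codeBase "file:/var/lib/tomcat5/webapps/lenya/WEB-INF/lib/-" {
  permission java.util.PropertyPermission "log4j.*", "read";
  permission java.util.PropertyPermission "*", "read, write";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.io.FilePermission "/var/lib/tomcat5/webapps/lenya/WEB-INF/logs/-", "write";
};
grant {
  permission java.net.SocketPermission "*", "resolve";
  permission java.lang.RuntimePermission "getClassLoader";
};
'''

GRANT_RE = re.compile(r'grant\s*(?:codebase\s+"([^"]*)"\s*)?\{(.*?)\}\s*;', re.I | re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;', re.I)
# RuntimePermission targets singled out for review (this example's choice, not Lenya's).
RISKY_RUNTIME = {"createClassLoader", "createSecurityManager", "setSecurityManager", "accessDeclaredMembers"}

def audit(policy_text):
    """Return (scope, kind, permission, target) tuples for entries worth reviewing."""
    text = re.sub(r'(?m)^\s*//.*$', '', policy_text)  # drop whole-line comments
    findings = []
    for codebase, body in GRANT_RE.findall(text):
        scope = codebase or "<all code>"
        perms = [(c.rsplit(".", 1)[-1], n, {x.strip() for x in a.split(",") if x.strip()})
                 for c, n, a in PERM_RE.findall(body)]
        # Actions this grant gives on every system property via the "*" target.
        wild = set().union(*[a for c, n, a in perms if c == "PropertyPermission" and n == "*"])
        for cls, name, acts in perms:
            if cls == "PropertyPermission" and name == "*":
                kind = "broad"       # covers every system property
            elif cls == "PropertyPermission" and wild and acts <= wild:
                kind = "redundant"   # already implied by the "*" entry
            elif cls == "RuntimePermission" and name in RISKY_RUNTIME:
                kind = "risky"
            elif not codebase:
                kind = "global"      # a grant without codeBase applies to all code
            else:
                continue
            findings.append((scope, kind, cls, name))
    return findings

if __name__ == "__main__":
    for scope, kind, cls, name in audit(SAMPLE_POLICY):
        print("%-10s %s %s  [%s]" % (kind, cls, name, scope))
```

Run against the full policy file, the "redundant" lines show which narrow property grants only take effect once the {{{"*", "read, write"}}} entry in the same block is removed.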
