Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 771 | blopes | 1 | // Licensed to the Apache Software Foundation (ASF) under one or more |
| 2 | // contributor license agreements. See the NOTICE file distributed with |
||
| 3 | // this work for additional information regarding copyright ownership. |
||
| 4 | // The ASF licenses this file to You under the Apache License, Version 2.0 |
||
| 5 | // (the "License"); you may not use this file except in compliance with |
||
| 6 | // the License. You may obtain a copy of the License at |
||
| 7 | // |
||
| 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
||
| 9 | // |
||
| 10 | // Unless required by applicable law or agreed to in writing, software |
||
| 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
||
| 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
| 13 | // See the License for the specific language governing permissions and |
||
| 14 | // limitations under the License. |
||
| 15 | |||
| 16 | // ============================================================================ |
||
| 17 | // catalina.policy - Security Policy Permissions for Tomcat |
||
| 18 | // |
||
| 19 | // This file contains a default set of security policies to be enforced (by the |
||
| 20 | // JVM) when Catalina is executed with the "-security" option. In addition |
||
| 21 | // to the permissions granted here, the following additional permissions are |
||
| 22 | // granted to each web application: |
||
| 23 | // |
||
| 24 | // * Read access to the web application's document root directory |
||
| 25 | // * Read, write and delete access to the web application's working directory |
||
| 26 | // ============================================================================ |
||
| 27 | |||
| 28 | |||
| 29 | // ========== SYSTEM CODE PERMISSIONS ========================================= |
||
| 30 | |||
| 31 | |||
| 32 | // These permissions apply to javac |
||
| 33 | grant codeBase "file:${java.home}/lib/-" { |
||
| 34 | permission java.security.AllPermission; |
||
| 35 | }; |
||
| 36 | |||
| 37 | // These permissions apply to all shared system extensions |
||
| 38 | grant codeBase "file:${java.home}/jre/lib/ext/-" { |
||
| 39 | permission java.security.AllPermission; |
||
| 40 | }; |
||
| 41 | |||
| 42 | // These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre |
||
| 43 | grant codeBase "file:${java.home}/../lib/-" { |
||
| 44 | permission java.security.AllPermission; |
||
| 45 | }; |
||
| 46 | |||
| 47 | // These permissions apply to all shared system extensions when |
||
| 48 | // ${java.home} points at $JAVA_HOME/jre |
||
| 49 | grant codeBase "file:${java.home}/lib/ext/-" { |
||
| 50 | permission java.security.AllPermission; |
||
| 51 | }; |
||
| 52 | |||
| 53 | // This permission is required when using javac to compile JSPs on Java 9 |
||
| 54 | // onwards |
||
| 55 | //grant codeBase "jrt:/jdk.compiler" { |
||
| 56 | // permission java.security.AllPermission; |
||
| 57 | //}; |
||
| 58 | |||
| 59 | |||
| 60 | // ========== CATALINA CODE PERMISSIONS ======================================= |
||
| 61 | |||
| 62 | // These permissions apply to the daemon code |
||
| 63 | grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { |
||
| 64 | permission java.security.AllPermission; |
||
| 65 | }; |
||
| 66 | |||
| 67 | // These permissions apply to the logging API |
||
| 68 | // Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, |
||
| 69 | // update this section accordingly. |
||
| 70 | // grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..} |
||
| 71 | grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { |
||
| 72 | permission java.io.FilePermission |
||
| 73 | "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; |
||
| 74 | |||
| 75 | permission java.io.FilePermission |
||
| 76 | "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; |
||
| 77 | permission java.io.FilePermission |
||
| 78 | "${catalina.base}${file.separator}logs", "read, write"; |
||
| 79 | permission java.io.FilePermission |
||
| 80 | "${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete"; |
||
| 81 | |||
| 82 | permission java.lang.RuntimePermission "shutdownHooks"; |
||
| 83 | permission java.lang.RuntimePermission "getClassLoader"; |
||
| 84 | permission java.lang.RuntimePermission "setContextClassLoader"; |
||
| 85 | |||
| 86 | permission java.lang.management.ManagementPermission "monitor"; |
||
| 87 | |||
| 88 | permission java.util.logging.LoggingPermission "control"; |
||
| 89 | |||
| 90 | permission java.util.PropertyPermission "java.util.logging.config.class", "read"; |
||
| 91 | permission java.util.PropertyPermission "java.util.logging.config.file", "read"; |
||
| 92 | permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read"; |
||
| 93 | permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read"; |
||
| 94 | permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read"; |
||
| 95 | permission java.util.PropertyPermission "catalina.base", "read"; |
||
| 96 | |||
| 97 | // Note: To enable per context logging configuration, permit read access to |
||
| 98 | // the appropriate file. Be sure that the logging configuration is |
||
| 99 | // secure before enabling such access. |
||
| 100 | // E.g. for the examples web application (uncomment and unwrap |
||
| 101 | // the following to be on a single line): |
||
| 102 | // permission java.io.FilePermission "${catalina.base}${file.separator} |
||
| 103 | // webapps${file.separator}examples${file.separator}WEB-INF |
||
| 104 | // ${file.separator}classes${file.separator}logging.properties", "read"; |
||
| 105 | }; |
||
| 106 | |||
| 107 | // These permissions apply to the server startup code |
||
| 108 | grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { |
||
| 109 | permission java.security.AllPermission; |
||
| 110 | }; |
||
| 111 | |||
| 112 | // These permissions apply to the servlet API classes |
||
| 113 | // and those that are shared across all class loaders |
||
| 114 | // located in the "lib" directory |
||
| 115 | grant codeBase "file:${catalina.home}/lib/-" { |
||
| 116 | permission java.security.AllPermission; |
||
| 117 | }; |
||
| 118 | |||
| 119 | |||
| 120 | // If using a per instance lib directory, i.e. ${catalina.base}/lib, |
||
| 121 | // then the following permission will need to be uncommented |
||
| 122 | // grant codeBase "file:${catalina.base}/lib/-" { |
||
| 123 | // permission java.security.AllPermission; |
||
| 124 | // }; |
||
| 125 | |||
| 126 | |||
| 127 | // ========== WEB APPLICATION PERMISSIONS ===================================== |
||
| 128 | |||
| 129 | |||
| 130 | // These permissions are granted by default to all web applications |
||
| 131 | // In addition, a web application will be given a read FilePermission |
||
| 132 | // for all files and directories in its document root. |
||
| 133 | grant { |
||
| 134 | // Required for JNDI lookup of named JDBC DataSource's and |
||
| 135 | // javamail named MimePart DataSource used to send mail |
||
| 136 | permission java.util.PropertyPermission "java.home", "read"; |
||
| 137 | permission java.util.PropertyPermission "java.naming.*", "read"; |
||
| 138 | permission java.util.PropertyPermission "javax.sql.*", "read"; |
||
| 139 | |||
| 140 | // OS Specific properties to allow read access |
||
| 141 | permission java.util.PropertyPermission "os.name", "read"; |
||
| 142 | permission java.util.PropertyPermission "os.version", "read"; |
||
| 143 | permission java.util.PropertyPermission "os.arch", "read"; |
||
| 144 | permission java.util.PropertyPermission "file.separator", "read"; |
||
| 145 | permission java.util.PropertyPermission "path.separator", "read"; |
||
| 146 | permission java.util.PropertyPermission "line.separator", "read"; |
||
| 147 | |||
| 148 | // JVM properties to allow read access |
||
| 149 | permission java.util.PropertyPermission "java.version", "read"; |
||
| 150 | permission java.util.PropertyPermission "java.vendor", "read"; |
||
| 151 | permission java.util.PropertyPermission "java.vendor.url", "read"; |
||
| 152 | permission java.util.PropertyPermission "java.class.version", "read"; |
||
| 153 | permission java.util.PropertyPermission "java.specification.version", "read"; |
||
| 154 | permission java.util.PropertyPermission "java.specification.vendor", "read"; |
||
| 155 | permission java.util.PropertyPermission "java.specification.name", "read"; |
||
| 156 | |||
| 157 | permission java.util.PropertyPermission "java.vm.specification.version", "read"; |
||
| 158 | permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; |
||
| 159 | permission java.util.PropertyPermission "java.vm.specification.name", "read"; |
||
| 160 | permission java.util.PropertyPermission "java.vm.version", "read"; |
||
| 161 | permission java.util.PropertyPermission "java.vm.vendor", "read"; |
||
| 162 | permission java.util.PropertyPermission "java.vm.name", "read"; |
||
| 163 | |||
| 164 | // Required for OpenJMX |
||
| 165 | permission java.lang.RuntimePermission "getAttribute"; |
||
| 166 | |||
| 167 | // Allow read of JAXP compliant XML parser debug |
||
| 168 | permission java.util.PropertyPermission "jaxp.debug", "read"; |
||
| 169 | |||
| 170 | // All JSPs need to be able to read this package |
||
| 171 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat"; |
||
| 172 | |||
| 173 | // Precompiled JSPs need access to these packages. |
||
| 174 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; |
||
| 175 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; |
||
| 176 | permission java.lang.RuntimePermission |
||
| 177 | "accessClassInPackage.org.apache.jasper.runtime.*"; |
||
| 178 | |||
| 179 | // Applications using WebSocket need to be able to access these packages |
||
| 180 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket"; |
||
| 181 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server"; |
||
| 182 | }; |
||
| 183 | |||
| 184 | |||
| 185 | // The Manager application needs access to the following packages to support the |
||
| 186 | // session display functionality. It also requires the custom Tomcat |
||
| 187 | // DeployXmlPermission to enable the use of META-INF/context.xml |
||
| 188 | // These settings support the following configurations: |
||
| 189 | // - default CATALINA_HOME == CATALINA_BASE |
||
| 190 | // - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE |
||
| 191 | // - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME |
||
| 192 | grant codeBase "file:${catalina.base}/webapps/manager/-" { |
||
| 193 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; |
||
| 194 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; |
||
| 195 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; |
||
| 196 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; |
||
| 197 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; |
||
| 198 | permission org.apache.catalina.security.DeployXmlPermission "manager"; |
||
| 199 | }; |
||
| 200 | grant codeBase "file:${catalina.home}/webapps/manager/-" { |
||
| 201 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; |
||
| 202 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; |
||
| 203 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; |
||
| 204 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; |
||
| 205 | permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; |
||
| 206 | permission org.apache.catalina.security.DeployXmlPermission "manager"; |
||
| 207 | }; |
||
| 208 | |||
| 209 | // The Host Manager application needs the custom Tomcat DeployXmlPermission to |
||
| 210 | // enable the use of META-INF/context.xml |
||
| 211 | // These settings support the following configurations: |
||
| 212 | // - default CATALINA_HOME == CATALINA_BASE |
||
| 213 | // - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE |
||
| 214 | // - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME |
||
| 215 | grant codeBase "file:${catalina.base}/webapps/host-manager/-" { |
||
| 216 | permission org.apache.catalina.security.DeployXmlPermission "host-manager"; |
||
| 217 | }; |
||
| 218 | grant codeBase "file:${catalina.home}/webapps/host-manager/-" { |
||
| 219 | permission org.apache.catalina.security.DeployXmlPermission "host-manager"; |
||
| 220 | }; |
||
| 221 | |||
| 222 | |||
| 223 | // You can assign additional permissions to particular web applications by |
||
| 224 | // adding additional "grant" entries here, based on the code base for that |
||
| 225 | // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. |
||
| 226 | // |
||
| 227 | // Different permissions can be granted to JSP pages, classes loaded from |
||
| 228 | // the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ |
||
| 229 | // directory, or even to individual jar files in the /WEB-INF/lib/ directory. |
||
| 230 | // |
||
| 231 | // For instance, assume that the standard "examples" application |
||
| 232 | // included a JDBC driver that needed to establish a network connection to the |
||
| 233 | // corresponding database and used the scrape taglib to get the weather from |
||
| 234 | // the NOAA web server. You might create a "grant" entries like this: |
||
| 235 | // |
||
| 236 | // The permissions granted to the context root directory apply to JSP pages. |
||
| 237 | // grant codeBase "file:${catalina.base}/webapps/examples/-" { |
||
| 238 | // permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; |
||
| 239 | // permission java.net.SocketPermission "*.noaa.gov:80", "connect"; |
||
| 240 | // }; |
||
| 241 | // |
||
| 242 | // The permissions granted to the context WEB-INF/classes directory |
||
| 243 | // grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" { |
||
| 244 | // }; |
||
| 245 | // |
||
| 246 | // The permission granted to your JDBC driver |
||
| 247 | // grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" { |
||
| 248 | // permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; |
||
| 249 | // }; |
||
| 250 | // The permission granted to the scrape taglib |
||
| 251 | // grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { |
||
| 252 | // permission java.net.SocketPermission "*.noaa.gov:80", "connect"; |
||
| 253 | // }; |
||
| 254 | |||
| 255 | // To grant permissions for web applications using packed WAR files, use the |
||
| 256 | // Tomcat specific WAR url scheme. |
||
| 257 | // |
||
| 258 | // The permissions granted to the entire web application |
||
| 259 | // grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" { |
||
| 260 | // }; |
||
| 261 | // |
||
| 262 | // The permissions granted to a specific JAR |
||
| 263 | // grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" { |
||
| 264 | // }; |