tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From craig...@locus.apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy
Date Sat, 02 Sep 2000 00:06:19 GMT
craigmcc    00/09/01 17:06:18

  Modified:    catalina/src/bin catalina.bat catalina.sh
  Added:       catalina/src/conf catalina.policy
  Log:
  The beginnings of support for running web apps in Catalina under a
  security manager.  NOTE:  you cannot actually start Catalina with security
  enabled yet, because the appropriate ProtectionDomains are not
  initialized, so don't bother trying (unless you want to help implement
  this feature -- then you are quite welcome :-).
  
  Revision  Changes    Path
  1.3       +12 -4     jakarta-tomcat-4.0/catalina/src/bin/catalina.bat
  
  Index: catalina.bat
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/bin/catalina.bat,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- catalina.bat	2000/08/12 00:26:50	1.2
  +++ catalina.bat	2000/09/02 00:06:18	1.3
  @@ -12,7 +12,7 @@
   rem
   rem   JAVA_HOME     Must point at your Java Development Kit installation.
   rem
  -rem $Id: catalina.bat,v 1.2 2000/08/12 00:26:50 remm Exp $
  +rem $Id: catalina.bat,v 1.3 2000/09/02 00:06:18 craigmcc Exp $
   rem ---------------------------------------------------------------------------
   
   
  @@ -69,12 +69,20 @@
   goto finish
   
   :doRun
  -java %CATALINA_OPTS% -Xbootclasspath:%BP% -Dcatalina.home=%CATALINA_HOME% org.apache.catalina.startup.Bootstrap
%2 %3 %4 %5 %6 %7 %8 %9 start
  +if "%2" == "-security" goto doRunSecure
  +java %CATALINA_OPTS% -Xbootclasspath:%BP% -Dcatalina.home="%CATALINA_HOME%" org.apache.catalina.startup.Bootstrap
%2 %3 %4 %5 %6 %7 %8 %9 start
   goto cleanup
  -
  +:doRunSecure
  +java %CATALINA_OPTS% -Djava.security.manager -Djava.security.policy=="%CATALINA_HOME%/conf/catalina.policy"
-Xbootclasspath:%BP% -Dcatalina.home="%CATALINA_HOME%" org.apache.catalina.startup.Bootstrap
%3 %4 %5 %6 %7 %8 %9 start
  +goto cleanup
   
   :doStart
  -start java %CATALINA_OPTS% -Xbootclasspath:%BP% -Dcatalina.home=%CATALINA_HOME% org.apache.catalina.startup.Bootstrap
%2 %3 %4 %5 %6 %7 %8 %9 start
  +if "%2" == "-security" goto doStartSecure
  +start java %CATALINA_OPTS% -Xbootclasspath:%BP% -Dcatalina.home="%CATALINA_HOME%" org.apache.catalina.startup.Bootstrap
%2 %3 %4 %5 %6 %7 %8 %9 start
  +goto cleanup
  +:doStartSecure
  +echo Using Security Manager
  +start java %CATALINA_OPTS% -Djava.security.manager -Djava.security.policy=="%CATALINA_HOME%/conf/catalina.policy"
-Xbootclasspath:%BP% -Dcatalina.home="%CATALINA_HOME%" org.apache.catalina.startup.Bootstrap
%3 %4 %5 %6 %7 %8 %9 start
   goto cleanup
   
   :doStop
  
  
  
  1.3       +53 -18    jakarta-tomcat-4.0/catalina/src/bin/catalina.sh
  
  Index: catalina.sh
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/bin/catalina.sh,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- catalina.sh	2000/08/12 01:40:44	1.2
  +++ catalina.sh	2000/09/02 00:06:18	1.3
  @@ -12,7 +12,7 @@
   #
   #   JAVA_HOME     Must point at your Java Development Kit installation.
   #
  -# $Id: catalina.sh,v 1.2 2000/08/12 01:40:44 craigmcc Exp $
  +# $Id: catalina.sh,v 1.3 2000/09/02 00:06:18 craigmcc Exp $
   # -----------------------------------------------------------------------------
   
   
  @@ -66,11 +66,22 @@
   
     shift
     pushd $CATALINA_HOME
  -  jdb \
  -     -sourcepath ../../jakarta-tomcat-4.0/catalina/src/share \
  -     -Xbootclasspath:$BP \
  -     -classpath $CP -Dcatalina.home=$CATALINA_HOME \
  -     org.apache.catalina.startup.Bootstrap "$@" start
  +  if [ "$1" = "-security" ] ; then
  +    shift
  +    jdb \
  +       $CATALINA_OPTS \
  +       -sourcepath ../../jakarta-tomcat-4.0/catalina/src/share \
  +       -Xbootclasspath:$BP \
  +       -classpath $CP -Dcatalina.home=$CATALINA_HOME \
  +       org.apache.catalina.startup.Bootstrap "$@" start
  +  else
  +    jdb \
  +       $CATALINA_OPTS \
  +       -sourcepath ../../jakarta-tomcat-4.0/catalina/src/share \
  +       -Xbootclasspath:$BP \
  +       -classpath $CP -Dcatalina.home=$CATALINA_HOME \
  +       org.apache.catalina.startup.Bootstrap "$@" start
  +  fi
     popd
   
   elif [ "$1" = "embedded" ] ; then
  @@ -95,18 +106,39 @@
   elif [ "$1" = "run" ] ; then
   
     shift
  -  java $CATALINA_OPTS -Xbootclasspath:$BP -classpath $CP \
  -   -Dcatalina.home=$CATALINA_HOME \
  -   org.apache.catalina.startup.Bootstrap "$@" start
  +  if [ "$1" = "-security" ] ; then
  +    echo Using Security Manager
  +    shift
  +    java $CATALINA_OPTS -Xbootclasspath:$BP -classpath $CP \
  +     -Djava.security.manager \
  +     -Djava.security.policy==$CATALINA_HOME/conf/catalina.policy \
  +     -Dcatalina.home=$CATALINA_HOME \
  +     org.apache.catalina.startup.Bootstrap "$@" start
  +  else
  +    java $CATALINA_OPTS -Xbootclasspath:$BP -classpath $CP \
  +     -Dcatalina.home=$CATALINA_HOME \
  +     org.apache.catalina.startup.Bootstrap "$@" start
  +  fi
   
   elif [ "$1" = "start" ] ; then
   
     shift
     touch $CATALINA_HOME/logs/catalina.out
  -  java $CATALINA_OPTS -Xbootclasspath:$BP -classpath $CP \
  -   -Dcatalina.home=$CATALINA_HOME \
  -   org.apache.catalina.startup.Bootstrap "$@" start \
  -   >> $CATALINA_HOME/logs/catalina.out 2>&1 &
  +  if [ "$1" = "-security" ] ; then
  +    echo Using Security Manager
  +    shift
  +    java $CATALINA_OPTS -Xbootclasspath:$BP -classpath $CP \
  +     -Djava.security.manager \
  +     -Djava.security.policy==$CATALINA_HOME/conf/catalina.policy \
  +     -Dcatalina.home=$CATALINA_HOME \
  +     org.apache.catalina.startup.Bootstrap "$@" start \
  +     >> $CATALINA_HOME/logs/catalina.out 2>&1 &
  +  else
  +    java $CATALINA_OPTS -Xbootclasspath:$BP -classpath $CP \
  +     -Dcatalina.home=$CATALINA_HOME \
  +     org.apache.catalina.startup.Bootstrap "$@" start \
  +     >> $CATALINA_HOME/logs/catalina.out 2>&1 &
  +  fi
   
   elif [ "$1" = "stop" ] ; then
   
  @@ -119,11 +151,14 @@
   
     echo "Usage: catalina.sh ( env | run | start | stop)"
     echo "Commands:"
  -  echo "  debug - Start Catalina in a debugger"
  -  echo "  env -   Set up environment variables that Catalina would use"
  -  echo "  run -   Start Catalina in the current window"
  -  echo "  start - Start Catalina in a separate window"
  -  echo "  stop -  Stop Catalina"
  +  echo "  debug             Start Catalina in a debugger"
  +  echo "  debug -security   Debug Catalina with a security manager"
  +  echo "  env               Set up environment variables that would be used"
  +  echo "  run               Start Catalina in the current window"
  +  echo "  run -security     Start in the current window with security manager"
  +  echo "  start             Start Catalina in a separate window"
  +  echo "  start -security   Start in a separate window with security manager"
  +  echo "  stop -            Stop Catalina"
     exit 1
   
   fi
  
  
  
  1.1                  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===================================================================
  // ============================================================================
  // catalina.policy - Security Policy Permissions for Tomcat 4.0
  //
  // This file contains a default set of security policies to be enforced (by the
  // JVM) when Catalina is executed with the "-security" option.  In addition
  // to the permissions granted here, the following additional permissions are
  // granted to the codebase specific to each web application:
  // * Read and write access to the configured temporary directory
  // * Read access to the document root directory
  //
  // $Id: catalina.policy,v 1.1 2000/09/02 00:06:18 craigmcc Exp $
  // ============================================================================
  
  
  // ========== SYSTEM CODE PERMISSIONS =========================================
  
  
  // These permissions apply to the Java Virtual Machine's core code
  grant codebase "file:${java.home}/lib/-" {
          permission java.security.AllPermission;
  };
  
  
  // These permissions apply to all shared system extensions
  grant codebase "file:${java.home}/jre/lib/ext/*" {
          permission java.security.AllPermission;
  };
  
  
  // ========== CATALINA CODE PERMISSIONS =======================================
  
  
  // These permissions apply to the servlet container's core code, plus any
  // libraries installed in the "server" directory
  grant codebase "file:${catalina.home}/bin/bootstrap.jar" {
          permission java.security.AllPermission;
  };
  grant codebase "file:${catalina.home}/server/-" {
          permission java.security.AllPermission;
  };
  
  
  // These permissions apply to all extension libraries (including Jasper,
  // if present) installed in the "lib" directory
  grant codebase "file:${catalina.home}/lib/-" {
          permission java.security.AllPermission;
  };
  
  
  // ========== WEB APPLICATION PERMISSIONS =====================================
  
  
  // These permissions are granted by default to all web applications
  grant { 
  	permission java.util.PropertyPermission "java.version", "read";
  	permission java.util.PropertyPermission "java.vendor", "read";
  	permission java.util.PropertyPermission "java.vendor.url", "read";
  	permission java.util.PropertyPermission "java.class.version", "read";
  	permission java.util.PropertyPermission "os.name", "read";
  	permission java.util.PropertyPermission "os.version", "read";
  	permission java.util.PropertyPermission "os.arch", "read";
  	permission java.util.PropertyPermission "file.separator", "read";
  	permission java.util.PropertyPermission "path.separator", "read";
  	permission java.util.PropertyPermission "line.separator", "read";
  
  	permission java.util.PropertyPermission "java.specification.version", "read";
  	permission java.util.PropertyPermission "java.specification.vendor", "read";
  	permission java.util.PropertyPermission "java.specification.name", "read";
  
  	permission java.util.PropertyPermission "java.vm.specification.version", "read";
  	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
  	permission java.util.PropertyPermission "java.vm.specification.name", "read";
  	permission java.util.PropertyPermission "java.vm.version", "read";
  	permission java.util.PropertyPermission "java.vm.vendor", "read";
  	permission java.util.PropertyPermission "java.vm.name", "read";
  };
  
  
  // Also by default, each web application is granted a set of permissions based
  // on its document root.  These permission additions are hard coded into
  // Catalina, and can not be adjusted in this file.  Conceptually, the additions
  // for a given web application look like this:
  //
  // grant codebase "file:${doc.root}/-" {
  //      permission java.io.FilePermission "${doc.root}", "read";
  //      permission java.io.FilePermission "${work.dir}", "read,write,delete";
  // };
  
  
  // You can assign additional permissions to particular web applications by
  // adding additional "grant" entries here, based on the code base for that
  // application.  For instance, assume that the standard "exmamples" application
  // included a JDBC driver that needed to establish a network connection to the
  // corresponding database.  You might create a "grant" entry like this:
  //
  // grant codebase "file:${catalina.home}/webapps/examples/-" {
  //      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
  // }
  
  
  
  
  

Mime
View raw message