tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gl...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/doc/uguide tomcat-security.html
Date Thu, 28 Dec 2000 21:59:35 GMT
glenn       00/12/28 13:59:35

  Modified:    src/doc/uguide Tag: tomcat_32 tomcat-security.html
  Log:
  SecurityManager under unix
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.2   +2 -168    jakarta-tomcat/src/doc/uguide/Attic/tomcat-security.html
  
  Index: tomcat-security.html
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/doc/uguide/Attic/tomcat-security.html,v
  retrieving revision 1.1.2.1
  retrieving revision 1.1.2.2
  diff -u -r1.1.2.1 -r1.1.2.2
  --- tomcat-security.html	2000/11/17 20:44:51	1.1.2.1
  +++ tomcat-security.html	2000/12/28 21:59:34	1.1.2.2
  @@ -1,6 +1,7 @@
   <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
   <html>
   <head>
  +   <title>Using the Java SecurityManager with Tomcat</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      <meta name="GENERATOR" content="Mozilla/4.7 [en] (X11; I; SunOS 5.7 i86pc) [Netscape]">
   </head>
  @@ -23,18 +24,11 @@
   <a href="#permissions">Types of Permissions</a></li>
   
   <li>
  -<a href="#config">Configuring Tomcat for use with a SecurityManager</a></li>
  +<a href="tomcat-security-unix.html">Tomcat SecurityManager setup with Unix</a></li>
   
   <li>
  -<a href="#start">Starting Tomcat with a SecurityManager</a></li>
  -
  -<li>
   <a href="#violation">What happens when the SecurityManager detects a Security
   violation?</a></li>
  -
  -<li>
  -<a href="#trouble">Trouble shooting tomcat.policy configuration and Security
  -Violations</a></li>
   </ul>
   
   <h3>
  @@ -102,170 +96,10 @@
   were running Tomcat without a SecurityManager.
   <br>&nbsp;
   <h3>
  -<a NAME="config"></a>Configuring Tomcat for use with a SecurityManager</h3>
  -<b>tomcat.policy</b>
  -<p>The security policies implemented by the Java SecurityManager are configured
  -in the <b>tomcat.policy </b>file located in the tomcat conf directory.&nbsp;
  -The tomcat.policy file replaces any system java.policy file.&nbsp; The
  -tomcat.policy file can be edited by hand or you can use the <b>policytool
  -</b>application
  -that comes with Java 1.2.
  -<p>Entries in the tomcat.policy file use the standard java.policy file
  -format as follows:
  -<table BORDER=0 >
  -<tr>
  -<td>
  -<pre>// Example policy file entry
  -
  -grant [signedBy &lt;signer> [,codeBase &lt;code source>] {
  -&nbsp;&nbsp;&nbsp; permission &lt;class> [&lt;name> [, &lt;action
list>]];
  -};</pre>
  -</td>
  -</tr>
  -</table>
  -The <b>signedBy</b> and <b>codeBase </b>entries are optional when
granting
  -permissions. Comment lines begin with // and end at a new line.
  -<p>The codeBase is in the form of a URL and for a file URL can use the
  -${java.home} and ${tomcat.home} properties which are expanded out to the
  -directory paths defined for them.
  -<p>Default tomcat.policy file
  -<table BORDER=0 >
  -<tr>
  -<td>
  -<pre>// Permissions for tomcat.
  -
  -// javac needs this
  -grant codeBase "file:${java.home}/lib/-" {
  -&nbsp; permission java.security.AllPermission;
  -};
  -
  -// Tomcat gets all permissions
  -grant codeBase "file:${tomcat.home}/lib/-" {
  -&nbsp; permission java.security.AllPermission;
  -};
  -
  -grant codeBase "file:${tomcat.home}/classes/-" {
  -&nbsp; permission java.security.AllPermission;
  -};
  -
  -// Example webapp policy
  -// By default we grant read access on webapp dir
  -// and read of the line.separator PropertyPermission
  -grant codeBase "file:${tomcat.home}/webapps/examples" {
  -&nbsp; permission java.net.SocketPermission "localhost:1024-","listen";
  -&nbsp; permission java.util.PropertyPermission "*","read";
  -};</pre>
  -</td>
  -</tr>
  -</table>
  -
  -<p>Here is an example where in addition to the above, we want to grant
  -the examples web application the ability to connect to the localhost smtp
  -port so that it can send mail.
  -<table BORDER=0 >
  -<tr>
  -<td>
  -<pre>grant codeBase "file:${tomcat.home}/webapps/examples" {
  -&nbsp; permission java.net.SocketPermission "localhost:25","connect";
  -&nbsp; permission java.net.SocketPermission "localhost:1024","listen";
  -&nbsp; permission java.util.PropertyPermission "*","read";
  -};</pre>
  -</td>
  -</tr>
  -</table>
  -Now what if we wanted to give all contexts not configured by their own
  -grant entry some default permissions in addition to what Tomcat assigns
  -by default.
  -<table BORDER=0 >
  -<tr>
  -<td>
  -<pre>grant {
  -&nbsp; permission java.net.SocketPermission "localhost:1024","listen";
  -&nbsp; permission java.util.PropertyPermission "*","read";
  -};</pre>
  -</td>
  -</tr>
  -</table>
  -Finally, a more complex tomcat.policy file.&nbsp; In this case we are using
  -Tomcat as an app server for a number of remote web servers.&nbsp; We want
  -to limit what remote web servers can connect to Tomcat by using the Java
  -SecurityManager.
  -<br>&nbsp;
  -<table BORDER=0 >
  -<tr>
  -<td>
  -<pre>// Permissions for tomcat.
  -// javac needs this
  -grant codeBase "file:${java.home}/lib/-" {
  -&nbsp; permission java.security.AllPermission;
  -};
  -
  -// Tomcat with IP filtering
  -grant codeBase "file:${tomcat.home}/lib/-" {
  -&nbsp; // Tomcat should be able to read/write all properties
  -&nbsp; permission java.util.PropertyPermission "*","read,write";
  -&nbsp; // Tomcat needs to be able to read files in its own directory
  -&nbsp; permission java.io.FilePermission "${tomcat.home}/-","read";
  -&nbsp; // Tomcat has to be able to write its logs
  -&nbsp; permission java.io.FilePermission "${tomcat.home}/logs/-","read,write";
  -&nbsp; // Tomcat has to be able to write to the conf directory
  -&nbsp; permission java.io.FilePermission "${tomcat.home}/conf/-","read,write";
  -&nbsp; // Tomcat has to be able to compile JSP's
  -&nbsp; permission java.io.FilePermission "${tomcat.home}/work/-","read,write,delete";
  -&nbsp; // Tomcat needs all the RuntimePermission's
  -&nbsp; permission java.lang.RuntimePermission "*";
  -&nbsp; // Needed so Tomcat can set security policy for a Context
  -&nbsp; permission java.security.SecurityPermission "*";
  -&nbsp; // Needed so that Tomcat will accept connections from a remote web server
  -&nbsp; // Replace XXX.XXX.XXX.XXX with the IP address of the remote web server
  -&nbsp; permission java.net.SocketPermission "XXX.XXX.XXX.XXX:1024-","accept,listen,resolve";
  -&nbsp; // Tomcat has to be able to use its port on the localhost
  -&nbsp; permission java.net.SocketPermission "localhost:1024-","connect,accept,listen,resolve";
  -};
  -
  -// Example webapp policy
  -// By default we grant read access on webapp dir
  -// and read of the line.separator PropertyPermission
  -grant codeBase "file:${tomcat.home}/webapps/examples" {
  -&nbsp; permission java.net.SocketPermission "localhost:1024-","listen";
  -&nbsp; permission java.util.PropertyPermission "*","read";
  -};</pre>
  -</td>
  -</tr>
  -</table>
  -
  -<p><b>server.xml</b>
  -<p>Uncomment out the entry in server.xml for the ContextInterceptor which
  -defines the class named PolicyInterceptor.
  -<br>&nbsp;
  -<h3>
  -<a NAME="start"></a>Starting Tomcat with a SecurityManager</h3>
  -Once you have configured the tomcat.policy and server.xml files for use
  -with a SecurityManager, Tomcat can be started with the SecurityManager
  -in place by using the "-security" option to bin/startup.bat or bin/startup.sh.
  -<br>&nbsp;
  -<h3>
   <a NAME="violation"></a>What happens when the SecurityManager detects a
   Security violation?</h3>
   The JVM will throw an AccessControlException or a SecurityException when
   the SecurityManager detects a security policy violation.
  -<br>&nbsp;
  -<h2>
  -<a NAME="trouble"></a>Trouble shooting tomcat.policy configuration and
  -Security Violations</h2>
  -<b>JSP Compile using JVM internal javac fails with AccessControlException
  -for RuntimePermission accessClassInPackage sun.tools.javac.</b>
  -<p>Check your JAVA_HOME/jre/lib/security/java.security file configuration.&nbsp;
  -Comment out the line "package.access=sun.".
  -<p><b>JSP Compile using JVM&nbsp;internal javac fails with AccessControlException
  -for FilePermission read of tomcat work directory.</b>
  -<p>Try defining an absolute path for the codeBase needed in the policy
  -grant for java itself instead of the ${java.home} property.
  -<p>
  -<pre>// javac needs this
  -grant codeBase "file:/usr/java/lib/-" {
  -  permission java.security.AllPermission;
  -};</pre>
   <br>&nbsp;
   </body>
   </html>
  
  
  

Mime
View raw message