tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jfarc...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.properties
Date Mon, 04 Nov 2002 05:33:50 GMT
jfarcand    2002/11/03 21:33:50

  Modified:    catalina/src/conf catalina.properties
  Log:
  Use the catalina.properties file to customize the package protection/access. This new security
m
  echanism enable the customization, at runtime, of which package should be protected.
  
  the following package will be protected by default:
  
  o.a.catalina
  o.a.jasper(*)
  o.a.coyote
  o.a.tomcat.util
  
  (*) Tomcat 5 is broken when a JSP use a class from jsp20el.jar and when the SecurityManager
is t
  urned on. Even if you remove all the protection, Tomcat fail to properly runs the example.
  
  o.a.coyote.tomcat5 has been securized in order to support package protection.
  
  Revision  Changes    Path
  1.4       +3 -2      jakarta-tomcat-catalina/catalina/src/conf/catalina.properties
  
  Index: catalina.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.properties,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- catalina.properties	4 Nov 2002 05:12:56 -0000	1.3
  +++ catalina.properties	4 Nov 2002 05:33:50 -0000	1.4
  @@ -4,7 +4,7 @@
   # passed to checkPackageAccess unless the
   # corresponding RuntimePermission ("accessClassInPackage."+package) has
   # been granted.
  -package.access=sun.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat.,org.apache.jsp.
  +package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.compiler.,org.apache.jasper.core.,org.apache.jasper.logging.,org.apache.jasper.resources.,org.apache.jasper.servlet.,org.apache.jasper.util.,org.apache.jasper.xmlparser
   
   #
   # List of comma-separated packages that start with or equal this string
  @@ -16,8 +16,9 @@
   # by default, no packages are restricted for definition, and none of
   # the class loaders supplied with the JDK call checkPackageDefinition.
   #
  -package.definition=sun.,java.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat.,org.apache.jsp
  +package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.compiler.,org.apache.jasper.core.,org.apache.jasper.logging.,org.apache.jasper.resources.,org.apache.jasper.servlet.,org.apache.jasper.util.,org.apache.jasper.xmlparser
   
  +#
   #
   # List of comma-separated paths defining the contents of the "common" 
   # classloader. Prefixes should be used to define what is the repository type.
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message