tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r1417624 [34/38] - in /tomcat/site/trunk/docs/tomcat-8.0-doc: ./ api/ appdev/ appdev/sample/ appdev/sample/docs/ appdev/sample/src/ appdev/sample/src/mypackage/ appdev/sample/web/ appdev/sample/web/WEB-INF/ appdev/sample/web/images/ archite...
Date Wed, 05 Dec 2012 20:21:01 GMT
Added: tomcat/site/trunk/docs/tomcat-8.0-doc/security-howto.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-8.0-doc/security-howto.html?rev=1417624&view=auto
==============================================================================
--- tomcat/site/trunk/docs/tomcat-8.0-doc/security-howto.html (added)
+++ tomcat/site/trunk/docs/tomcat-8.0-doc/security-howto.html Wed Dec  5 20:20:35 2012
@@ -0,0 +1,388 @@
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 8 (8.0.0-dev) - Security Considerations</title><style type="text/css" media="print">
+            .noPrint {display: none;}
+            td#mainBody {width: 100%;}
+        </style><style type="text/css">
+            code {background-color:rgb(224,255,255);padding:0 0.1em;}
+            code.attributeName, code.propertyName {background-color:transparent;}
+        </style><style type="text/css">
+            .wrapped-source code { display: block; background-color: transparent; }
+            .wrapped-source div { margin: 0 0 0 1.25em; }
+            .wrapped-source p { margin: 0 0 0 1.25em; text-indent: -1.25em; }
+        </style><style type="text/css">
+            p.notice {
+                border: 1px solid rgb(255, 0, 0);
+                background-color: rgb(238, 238, 238);
+                color: rgb(0, 51, 102);
+                padding: 0.5em;
+                margin: 1em 2em 1em 1em;
+            }
+        </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="
+      The Apache Tomcat Servlet/JSP Container
+    " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 8</font></h1><font face="arial,helvetica,sanserif">Version 8.0.0-dev, Dec 5 2012</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="
 manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li
 ><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li><li><a href="security-howto.html">28) Security Considerations</a></li><li><a href="windows-service-howto.html">29) Windows Service</a></li><li><a href="windows-auth-howto.html">30) Windows Authentication</a></li><li><a href="jdbc-pool.html">31) Tomcat's JDBC Pool</a></li><li><a href="web-socket-howto.html">32) WebSocket</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Tomcat Javadocs</a></li><li><a href="servletapi/index.html">Servlet Javadocs</a></li><li><a href="jspapi/index.html">JSP 2.2 Javadocs</a></li><li><a href="elapi/i
 ndex.html">EL 2.2 Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li><li><a href="tribes/index.html">Tribes</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Security Considerations</h1><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Non-Tomcat_settings">Non-Tomcat settings</a></li><li><a href="#Default_web_applications">Default web applications</a></li><li><a href="#Security_manager">Security manager</a></li><li><a href="#server.xml">server.xml</a><ol><li><a href="#server.xml/General">General</a></li><li><a href="#Server">Server</a></li><li><a href="#Listeners">Listeners</a></li><li><a href="#Connectors">Connectors</a></li><li><a href="#Host">Host</a></li><li><a href="#Context">Context</a></li><li><a href="#Valves">Valves</a></li><li><a href="#Realms">Realms</a></li><li><a href="#Manager">Manager</a></li></ol></li><li><a href="#System_Properties">System Properties</a></li><li><a href="#web.xml">web.xml</a></li><li><a href="#General">General</a></li></ul>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+    <p>Tomcat is configured to be reasonably secure for most use cases by
+    default. Some environments may require more, or less, secure configurations.
+    This page is to provide a single point of reference for configuration
+    options that may impact security and to offer some commentary on the
+    expected impact of changing those options. The intention is to provide a
+    list of configuration options that should be considered when assessing the
+    security of a Tomcat installation.</p>
+
+    <p><strong>Note</strong>: Reading this page is not a substitute for reading
+    and understanding the detailed configuration documentation. Fuller
+    descriptions of these attributes may be found in the relevant documentation
+    pages.</p>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Non-Tomcat settings"><!--()--></a><a name="Non-Tomcat_settings"><strong>Non-Tomcat settings</strong></a></font></td></tr><tr><td><blockquote>
+    <p>Tomcat configuration should not be the only line of defense. The other
+    components in the system (operating system, network, database, etc.) should
+    also be secured.</p>
+    <p>Tomcat should not be run under the root user. Create a dedicated user for
+    the Tomcat process and provide that user with the minimum necessary
+    permissions for the operating system. For example, it should not be possible
+    to log on remotely using the Tomcat user.</p>
+    <p>File permissions should also be suitable restricted. Taking the Tomcat
+    instances at the ASF as an example (where auto-deployment is disabled and
+    web applications are deployed as exploded directories), the standard
+    configuration is to have all Tomcat files owned by root with group Tomcat
+    and whilst owner has read/write priviliges, group only has read and world
+    has no permissions. The exceptions are the logs, temp and work directory
+    that are owned by the Tomcat user rather than root. This means that even if
+    an attacker compromises the Tomcat process, they can't change the
+    Tomcat configuration, deploy new web applications or modify existing web
+    applications. The Tomcat process runs with a umask of 007 to maintain these
+    permissions.</p>
+    <p>At the network level, consider using a firewall to limit both incoming
+    and outgoing connections to only those connections you  expect to be
+    present.</p>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Default web applications"><!--()--></a><a name="Default_web_applications"><strong>Default web applications</strong></a></font></td></tr><tr><td><blockquote>
+    <p>Tomcat ships with a number of web applications by default.
+    Vulnerabilities have been discovered in these applications in the past.
+    Applications that are not required should be removed so the system will not
+    be at risk if another vulnerability is discovered.</p>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Security manager"><!--()--></a><a name="Security_manager"><strong>Security manager</strong></a></font></td></tr><tr><td><blockquote>
+    <p>Enabling the security manager causes web applications to be run in a
+    sandbox, significantly limiting a web application's ability to perform
+    malicious actions such as calling System.exit(), establishing network
+    connections or accessing the file system outside of the web application's
+    root and temporary directories. However, it should be noted that there are
+    some malicious actions, such as triggering high CPU consumption via an
+    infinite loop, that the security manager cannot prevent.</p>
+
+    <p>Enabling the security manager is usually done to limit the potential
+    impact, should an attacker find a way to compromise a trusted web
+    application . A security manager may also be used to reduce the risks of
+    running untrusted web applications (e.g. in hosting environments) but it
+    should be noted that the security manager only reduces the risks of
+    running untrusted web applications, it does not eliminate them. If running
+    multiple untrusted web applications, it is recommended that each web
+    application is deployed to a separate Tomcat instance (and ideally separate
+    hosts) to reduce the ability of a malicious web application impacting the
+    availability of other applications.</p>
+
+    <p>Tomcat is tested with the security manager enabled; but the majority of
+    Tomcat users do not run with a security manager, so Tomcat is not as well
+    user-tested in this configuration. There have been, and continue to be,
+    bugs reported that are triggered by running under a security manager.</p>
+
+    <p>The restrictions imposed by a security manager are likely to break most
+    applications if the security manager is enabled. The security manager should
+    not be used without extensive testing. Ideally, the use of a security
+    manager should be introduced at the start of the development cycle as it can
+    be time-consuming to track down and fix issues caused by enabling a security
+    manager for a mature application.</p>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="server.xml"><strong>server.xml</strong></a></font></td></tr><tr><td><blockquote>
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="server.xml/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>
+      <p>The default server.xml contains a large number of comments, including
+      some example component definitions that are commented out. Removing these
+      comments makes it considerably easier to read and comprehend
+      server.xml.</p>
+      <p>If a component type is not listed, then there are no settings for that
+      type that directly impact security.</p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Server"><strong>Server</strong></a></font></td></tr><tr><td><blockquote>
+      <p>Setting the <strong>port</strong> attribute to <code>-1</code> disables
+      the shutdown port.</p>
+      <p>If the shutdown port is not disabled, a strong password should be
+      configured for <strong>shutdown</strong>.</p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Listeners"><strong>Listeners</strong></a></font></td></tr><tr><td><blockquote>
+      <p>The APR Lifecycle Listener is not stable if compiled on Solaris using
+      gcc. If using the APR/native connector on Solaris, compile it with the
+      Sun Studio compiler.</p>
+
+      <p>The Security Listener should be enabled and configured as appropriate.
+      </p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Connectors"><strong>Connectors</strong></a></font></td></tr><tr><td><blockquote>
+      <p>By default, an HTTP and an AJP connector are configured. Connectors
+      that will not be used should be removed from server.xml.</p>
+
+      <p>The <strong>address</strong> attribute may be used to control which IP
+      address the connector listens on for connections. By default, the
+      connector listens on all configured IP addresses.</p>
+
+      <p>The <strong>allowTrace</strong> attribute may be used to enable TRACE
+      requests which can be useful for debugging. Due to the way some browsers
+      handle the response from a TRACE request (which exposes the browser to an
+      XSS attack), support for TRACE requests is disabled by default.</p>
+
+      <p>The <strong>maxPostSize</strong> attribute controls the maximum size
+      of a POST request that will be parsed for parameters. The parameters are
+      cached for the duration of the request so this is limited to 2MB by
+      default to reduce exposure to a DOS attack.</p>
+
+      <p>The <strong>maxSavePostSize</strong> attribute controls the saving of
+      POST requests during FORM and CLIENT-CERT authentication. The parameters
+      are cached for the duration of the authentication (which may be many
+      minutes) so this is limited to 4KB by default to reduce exposure to a DOS
+      attack.</p>
+
+      <p>The <strong>maxParameterCount</strong> attribute controls the
+      maximum number of parameter and value pairs (GET plus POST) that can
+      be parsed and stored in the request. Excessive parameters are ignored.
+      If you want to reject such requests, configure a
+      <a href="config/filter.html">FailedRequestFilter</a>.</p>
+
+      <p>The <strong>xpoweredBy</strong> attribute controls whether or not the
+      X-Powered-By HTTP header is sent with each request. If sent, the value of
+      the header contains the Servlet and JSP specification versions, the full
+      Tomcat version (e.g. Apache Tomcat/7.0.0), the name of the JVM vendor and
+      the version of the JVM. This header is disabled by default. This header
+      can provide useful information to both legitimate clients and attackers.
+      </p>
+
+      <p>The <strong>server</strong> attribute controls the value of the Server
+      HTTP header. The default value of this header for Tomcat 4.1.x, 5.0.x,
+      5.5.x, 6.0.x and 7.0.x is Apache-Coyote/1.1. This header can provide
+      limited information to both legitimate clients and attackers.</p>
+
+      <p>The <strong>SSLEnabled</strong>, <strong>scheme</strong> and
+      <strong>secure</strong> attributes may all be independently set. These are
+      normally used when Tomcat is located behind a reverse proxy and the proxy
+      is connecting to Tomcat via HTTP or HTTPS. They allow Tomcat to see the
+      SSL attributes of the connections between the client and the proxy rather
+      than the proxy and Tomcat. For example, the client may connect to the
+      proxy over HTTPS but the proxy connects to Tomcat using HTTP. If it is
+      necessary for Tomcat to be able to distinguish between secure and
+      non-secure connections received by a proxy, the proxy must use separate
+      connectors to pass secure and non-secure requests to Tomcat. If the
+      proxy uses AJP then the SSL attributes of the client connection are
+      passed via the AJP protocol and separate connectors are not needed.</p>
+
+      <p>The <strong>ciphers</strong> attribute controls the ciphers used for
+      SSL connections. By default, the default ciphers for the JVM will be used.
+      This usually means that the weak export grade ciphers will be included in
+      the list of available ciphers. Secure environments will normally want to
+      configure a more limited set of ciphers.</p>
+
+      <p>The <strong>tomcatAuthentication</strong> attribute is used with the
+      AJP connectors to determine if Tomcat should authenticate the user or if
+      authentication can be delegated to the reverse proxy that will then pass
+      the authenticated username to Tomcat as part of the AJP protocol.</p>
+
+      <p>The <strong>allowUnsafeLegacyRenegotiation</strong> attribute provides
+      a workaround for
+      <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
+      CVE-2009-3555</a>, a TLS man in the middle attack. This workaround applies
+      to the BIO connector. It is only necessary if the underlying SSL
+      implementation is vulnerable to CVE-2009-3555. For more information on the
+      current state of this vulnerability and the work-arounds available see the
+      <a href="http://tomcat.apache.org/security-7.html">Tomcat 7 security
+      page</a>.</p>
+
+      <p>The <strong>requiredSecret</strong> attribute in AJP connectors
+      configures shared secret between Tomcat and reverse proxy in front of
+      Tomcat. It is used to prevent unauthorized connections over AJP protocol.</p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Host"><strong>Host</strong></a></font></td></tr><tr><td><blockquote>
+      <p>The host element controls deployment. Automatic deployment allows for
+      simpler management but also makes it easier for an attacker to deploy a
+      malicious application. Automatic deployment is controlled by the
+      <strong>autoDeploy</strong> and <strong>deployOnStartup</strong>
+      attributes. If both are <code>false</code>, only Contexts defined in
+      server.xml will be deployed and any changes will require a Tomcat restart.
+      </p>
+
+      <p>In a hosted environment where web applications may not be trusted, set
+      the <strong>deployXml</strong> attribute to false to ignore any
+      context.xml packaged with the web application that may try to assign
+      increased privileges to the web application. </p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Context"><strong>Context</strong></a></font></td></tr><tr><td><blockquote>
+      <p>This applies to <a href="config/context.html">Context</a>
+      elements in all places where they can be defined:
+      <code>server.xml</code> file,
+      default <code>context.xml</code> file,
+      per-host <code>context.xml.default</code> file,
+      web application context file in per-host configuration directory
+      or inside the web application.</p>
+
+      <p>The <strong>crossContext</strong> attribute controls if a context is
+      allowed to access the resources of another context. It is
+      <code>false</code> by default and should only be changed for trusted web
+      applications.</p>
+
+      <p>The <strong>privileged</strong> attribute controls if a context is
+      allowed to use container provided servlets like the Manager servlet. It is
+      <code>false</code> by default and should only be changed for trusted web
+      applications.</p>
+
+      <p>The <strong>allowLinking</strong> attribute controls if a context is
+      allowed to use linked files. If enabled and the context is undeployed, the
+      links will be followed when deleting the context resources. Changing this
+      setting from the default of <code>false</code> on case insensitive
+      operating systems (this includes Windows) will disable a number of
+      security measures and allow, among other things, direct access to the
+      WEB-INF directory.</p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Valves"><strong>Valves</strong></a></font></td></tr><tr><td><blockquote>
+      <p>It is strongly recommended that an AccessLogValve is configured. The
+      default Tomcat configuration includes an AccessLogValve. These are
+      normally configured per host but may also be configured per engine or per
+      context as required.</p>
+
+      <p>Any administrative application should be protected by a
+      RemoteAddrValve. (Note that this Valve is also available as a Filter.)
+      The <strong>allow</strong> attribute should be used to limit access to a
+      set of known trusted hosts.</p>
+
+      <p>The default ErrorReportValve includes the Tomcat version number in the
+      response sent to clients. To avoid this, custom error handling can be
+      configured within each web application. Alternatively, the version number
+      can be changed by creating the file
+      CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties with
+      content as follows:</p>
+      <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+server.info=Apache Tomcat/7.0.x
+      </pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+      <p>Modify the values as required. Note that this will also change the version
+      number reported in some of the management tools and may make it harder to
+      determine the real version installed. The CATALINA_HOME/bin/version.bat|sh
+      script will still report the version number.</p>
+
+      <p>The default ErrorReportValve can display stack traces and/or JSP
+      source code to clients when an error occurs. To avoid this, custom error
+      handling can be configured within each web application.</p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Realms"><strong>Realms</strong></a></font></td></tr><tr><td><blockquote>
+      <p>The MemoryRealm is not intended for production use as any changes to
+      tomcat-users.xml require a restart of Tomcat to take effect.</p>
+
+      <p>The JDBCRealm is not recommended for production use as it is single
+      threaded for all authentication and authorization options. Use the
+      DataSourceRealm instead.</p>
+
+      <p>The UserDatabaseRealm is not intended for large-scale installations. It
+      is intended for small-scale, relatively static environments.</p>
+
+      <p>The JAASRealm is not widely used and therefore the code is not as
+      mature as the other realms. Additional testing is recommended before using
+      this realm.</p>
+
+      <p>By default, the realms do not implement any form of account lock-out.
+      This means that brute force attacks can be successful. To prevent a brute
+      force attack, the chosen realm should be wrapped in a LockOutRealm.</p>
+    </blockquote></td></tr></table>
+
+    <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Manager"><strong>Manager</strong></a></font></td></tr><tr><td><blockquote>
+      <p>The manager component is used to generate session IDs.</p>
+
+      <p>The default <strong>entropy</strong> value has been shown to generate predictable values
+      under certain conditions. For more secure session generation, this should
+      be set to a long string. This is done automatically if the APR/native
+      library is installed; a random value will be obtained from the APR/native
+      library.</p>
+
+      <p>The class used to generate random session IDs may be changed with
+      the <strong>randomClass</strong> attribute.</p>
+
+      <p>The length of the session ID may be changed with the
+      <strong>sessionIdLength</strong> attribute.</p>
+    </blockquote></td></tr></table>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="System Properties"><!--()--></a><a name="System_Properties"><strong>System Properties</strong></a></font></td></tr><tr><td><blockquote>
+    <p>Setting <strong>org.apache.catalina.connector.RECYCLE_FACADES</strong>
+    system property to <code>true</code> will cause a new facade object to be
+    created for each request. This reduces the chances of a bug in an
+    application exposing data from one request to another.</p>
+
+    <p>The <strong>
+    org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</strong> and
+    <strong>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</strong>
+    system properties allow non-standard parsing of the request URI. Using
+    these options when behind a reverse proxy may enable an attacker to bypass
+    any security constraints enforced by the proxy.</p>
+
+    <p>The <strong>
+    org.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER
+    </strong> system property has security implications if disabled. Many user
+    agents, in breach of RFC2616, try to guess the character encoding of text
+    media types when the specification-mandated default of ISO-8859-1 should be
+    used. Some browsers will interpret as UTF-7 a response containing characters
+    that are safe for ISO-8859-1 but trigger an XSS vulnerability if interpreted
+    as UTF-7.</p>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="web.xml"><strong>web.xml</strong></a></font></td></tr><tr><td><blockquote>
+    <p>This applies to the default <code>conf/web.xml</code> file and
+    <code>WEB-INF/web.xml</code> files in web applications if they define
+    the components mentioned here.</p>
+
+    <p>The <a href="default-servlet.html">DefaultServlet</a> is configured
+    with <strong>readonly</strong> set to
+    <code>true</code>. Changing this to <code>false</code> allows clients to
+    delete or modify static resources on the server and to upload new
+    resources. This should not normally be changed without requiring
+    authentication.</p>
+
+    <p>The DefaultServlet is configured with <strong>listings</strong> set to
+    <code>false</code>. This isn't because allowing directory listings is
+    considered unsafe but because generating listings of directories with
+    thousands of files can consume significant CPU leading to a DOS attack.
+    </p>
+
+    <p><a href="config/filter.html">FailedRequestFilter</a>
+    can be configured and used to reject requests that had errors during
+    request parameter parsing. Without the filter the default behaviour is
+    to ignore invalid or excessive parameters.</p>
+  </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>
+    <p>BASIC and FORM authentication pass user names and passwords in clear
+    text. Web applications using these authentication mechanisms with clients
+    connecting over untrusted networks should use SSL.</p>
+
+    <p>The session cookie for a session with an authenticated user are nearly
+    as useful as the user's password to an attacker and in nearly all
+    circumstances should be afforded the same level of protection as the
+    password itself. This usually means authenticating over SSL and continuing
+    to use SSL until the session ends.</p>
+  </blockquote></td></tr></table></td></tr><tr class="noPrint"><td width="20%" valign="top" nowrap class="noPrint"></td><td width="80%" valign="top" align="left"><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="comments_section" id="comments_section"><strong>Comments</strong></a></font></td></tr><tr><td><blockquote><p class="notice"><strong>Notice: </strong>This is not a Q&amp;A section.
+              The Apache Comments System is explained
+              <a href="/tomcat-8.0-doc/comments.html">here</a>.
+              Comments should be pointed towards suggestions on improving the documentation
+              or server, and may be removed again by our moderators if they are either
+              implemented or considered invalid/off-topic.
+              Questions on how to manage Apache Tomcat should be directed
+              to our <a href="http://tomcat.apache.org/lists.html">mailing lists</a>.</p><script type="text/javascript"><!--//--><![CDATA[//><!--
+              var comments_shortname = 'tomcat';
+              var comments_identifier = 'http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html';
+              (function(w, d) {
+                  if (w.location.hostname.toLowerCase() == "tomcat.apache.org") {
+                      d.write('<div id="comments_thread"><\/div>');
+                      var s = d.createElement('script');
+                      s.type = 'text/javascript';
+                      s.async = true;
+                      s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+                      (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+                  }
+                  else {
+                      d.write('<div id="comments_thread"><strong>Comments are disabled for this page at the moment.</strong><\/div>');
+                  }
+              })(window, document);
+              //--><!]]></script></blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
+        Copyright &copy; 1999-2012, Apache Software Foundation
+        </em></font></div></td></tr></table></body></html>
\ No newline at end of file

Propchange: tomcat/site/trunk/docs/tomcat-8.0-doc/security-howto.html
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: tomcat/site/trunk/docs/tomcat-8.0-doc/security-howto.html
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: tomcat/site/trunk/docs/tomcat-8.0-doc/security-manager-howto.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-8.0-doc/security-manager-howto.html?rev=1417624&view=auto
==============================================================================
--- tomcat/site/trunk/docs/tomcat-8.0-doc/security-manager-howto.html (added)
+++ tomcat/site/trunk/docs/tomcat-8.0-doc/security-manager-howto.html Wed Dec  5 20:20:35 2012
@@ -0,0 +1,513 @@
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 8 (8.0.0-dev) - Security Manager HOW-TO</title><meta name="author" content="Glenn Nielsen"><meta name="author" content="Jean-Francois Arcand"><style type="text/css" media="print">
+            .noPrint {display: none;}
+            td#mainBody {width: 100%;}
+        </style><style type="text/css">
+            code {background-color:rgb(224,255,255);padding:0 0.1em;}
+            code.attributeName, code.propertyName {background-color:transparent;}
+        </style><style type="text/css">
+            .wrapped-source code { display: block; background-color: transparent; }
+            .wrapped-source div { margin: 0 0 0 1.25em; }
+            .wrapped-source p { margin: 0 0 0 1.25em; text-indent: -1.25em; }
+        </style><style type="text/css">
+            p.notice {
+                border: 1px solid rgb(255, 0, 0);
+                background-color: rgb(238, 238, 238);
+                color: rgb(0, 51, 102);
+                padding: 0.5em;
+                margin: 1em 2em 1em 1em;
+            }
+        </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="
+      The Apache Tomcat Servlet/JSP Container
+    " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 8</font></h1><font face="arial,helvetica,sanserif">Version 8.0.0-dev, Dec 5 2012</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="
 manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li
 ><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li><li><a href="security-howto.html">28) Security Considerations</a></li><li><a href="windows-service-howto.html">29) Windows Service</a></li><li><a href="windows-auth-howto.html">30) Windows Authentication</a></li><li><a href="jdbc-pool.html">31) Tomcat's JDBC Pool</a></li><li><a href="web-socket-howto.html">32) WebSocket</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Tomcat Javadocs</a></li><li><a href="servletapi/index.html">Servlet Javadocs</a></li><li><a href="jspapi/index.html">JSP 2.2 Javadocs</a></li><li><a href="elapi/i
 ndex.html">EL 2.2 Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li><li><a href="tribes/index.html">Tribes</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Security Manager HOW-TO</h1><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Background">Background</a></li><li><a href="#Permissions">Permissions</a><ol><li><a href="#Standard_Permissions">Standard Permissions</a></li><li><a href="#Tomcat_Custom_Permissions">Tomcat Custom Permissions</a></li></ol></li><li><a href="#Configuring_Tomcat_With_A_SecurityManager">Configuring Tomcat With A SecurityManager</a></li><li><a href="#Configuring_Package_Protection_in_Tomcat">Configuring Package Protection in Tomcat</a></li><li><a href="#Troubleshooting">Troubleshooting</a></li></ul>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Background"><strong>Background</strong></a></font></td></tr><tr><td><blockquote>
+
+  <p>The Java <strong>SecurityManager</strong> is what allows a web browser
+  to run an applet in its own sandbox to prevent untrusted code from
+  accessing files on the local file system, connecting to a host other
+  than the one the applet was loaded from, and so on.  In the same way
+  the SecurityManager protects you from an untrusted applet running in
+  your browser, use of a SecurityManager while running Tomcat can protect
+  your server from trojan servlets, JSPs, JSP beans, and tag libraries.
+  Or even inadvertent mistakes.</p>
+
+  <p>Imagine if someone who is authorized to publish JSPs on your site
+  inadvertently included the following in their JSP:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;% System.exit(1); %&gt;
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+  <p>Every time this JSP was executed by Tomcat, Tomcat would exit.
+  Using the Java SecurityManager is just one more line of defense a
+  system administrator can use to keep the server secure and reliable.</p>
+
+  <p><strong>WARNING</strong> - A security audit
+  have been conducted using the Tomcat codebase. Most of the critical
+  package have been protected and a new security package protection mechanism
+  has been implemented. Still, make sure that you are satisfied with your SecurityManager
+  configuration before allowing untrusted users to publish web applications,
+  JSPs, servlets, beans, or tag libraries.  <strong>However, running with a
+  SecurityManager is definitely better than running without one.</strong></p>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Permissions"><strong>Permissions</strong></a></font></td></tr><tr><td><blockquote>
+
+  <p>Permission classes are used to define what Permissions a class loaded
+  by Tomcat will have.  There are a number of Permission classes that are
+  a standard part of the JDK, and you can create your own Permission class
+  for use in your own web applications.  Both techniques are used in
+  Tomcat.</p>
+
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Standard Permissions"><!--()--></a><a name="Standard_Permissions"><strong>Standard Permissions</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>This is just a short summary of the standard system SecurityManager
+    Permission classes applicable to Tomcat.  See
+    <a href="http://java.sun.com/security/">http://java.sun.com/security/</a>
+    for more information.</p>
+
+    <ul>
+    <li><strong>java.util.PropertyPermission</strong> - Controls read/write
+        access to JVM properties such as <code>java.home</code>.</li>
+    <li><strong>java.lang.RuntimePermission</strong> - Controls use of
+        some System/Runtime functions like <code>exit()</code> and
+        <code>exec()</code>. Also control the package access/definition.</li>
+    <li><strong>java.io.FilePermission</strong> - Controls read/write/execute
+        access to files and directories.</li>
+    <li><strong>java.net.SocketPermission</strong> - Controls use of
+        network sockets.</li>
+    <li><strong>java.net.NetPermission</strong> - Controls use of
+        multicast network connections.</li>
+    <li><strong>java.lang.reflect.ReflectPermission</strong> - Controls
+        use of reflection to do class introspection.</li>
+    <li><strong>java.security.SecurityPermission</strong> - Controls access
+        to Security methods.</li>
+    <li><strong>java.security.AllPermission</strong> - Allows access to all
+        permissions, just as if you were running Tomcat without a
+        SecurityManager.</li>
+    </ul>
+
+  </blockquote></td></tr></table>
+
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat Custom Permissions"><!--()--></a><a name="Tomcat_Custom_Permissions"><strong>Tomcat Custom Permissions</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>Tomcat utilizes a custom permission class called
+    <strong>org.apache.naming.JndiPermission</strong>.  This permission
+    controls read access to JNDI named file based resources.  The permission
+    name is the JNDI name and there are no actions.  A trailing "*" can be
+    used to do wild card matching for a JNDI named file resource when
+    granting permission.  For example, you might include the following
+    in your policy file:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+permission  org.apache.naming.JndiPermission  "jndi://localhost/examples/*";
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+    <p>A Permission entry like this is generated dynamically for each web
+    application that is deployed, to allow it to read its own static resources
+    but disallow it from using file access to read any other files (unless
+    permissions for those files are explicitly granted).</p>
+
+    <p>Also, Tomcat always dynamically creates the following file permissions:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+permission java.io.FilePermission "** your application context**", "read";
+
+permission java.io.FilePermission
+  "** application working directory**", "read,write";
+permission java.io.FilePermission
+  "** application working directory**/-", "read,write,delete";
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>Where **your application context** equals the folder (or WAR file) under which
+    your application has been deployed and **application working directory** is the
+    temporary directory provided to your application as required by the
+    Servlet Specification.</p>
+
+  </blockquote></td></tr></table>
+
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Configuring Tomcat With A SecurityManager"><!--()--></a><a name="Configuring_Tomcat_With_A_SecurityManager"><strong>Configuring Tomcat With A SecurityManager</strong></a></font></td></tr><tr><td><blockquote>
+
+  <h3>Policy File Format</h3>
+
+  <p>The security policies implemented by the Java SecurityManager are
+  configured in the <code>$CATALINA_BASE/conf/catalina.policy</code> file.
+  This file completely replaces the <code>java.policy</code> file present
+  in your JDK system directories.  The <code>catalina.policy</code> file
+  can be edited by hand, or you can use the
+  <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyGuide.html">policytool</a>
+  application that comes with Java 1.2 or later.</p>
+
+  <p>Entries in the <code>catalina.policy</code> file use the standard
+  <code>java.policy</code> file format, as follows:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+// Example policy file entry
+
+grant [signedBy &lt;signer&gt;,] [codeBase &lt;code source&gt;] {
+  permission  &lt;class&gt;  [&lt;name&gt; [, &lt;action list&gt;]];
+};
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+  <p>The <strong>signedBy</strong> and <strong>codeBase</strong> entries are
+  optional when granting permissions.  Comment lines begin with "//" and
+  end at the end of the current line.  The <code>codeBase</code> is in the
+  form of a URL, and for a file URL can use the <code>${java.home}</code>
+  and <code>${catalina.home}</code> properties (which are expanded out to
+  the directory paths defined for them by the <code>JAVA_HOME</code>,
+  <code>CATALINA_HOME</code> and <code>CATALINA_BASE</code> environment
+  variables).</p>
+
+  <h3>The Default Policy File</h3>
+
+  <p>The default <code>$CATALINA_BASE/conf/catalina.policy</code> file
+  looks like this:</p>
+
+
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// ============================================================================
+// catalina.policy - Security Policy Permissions for Tomcat 7
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to each web application:
+//
+// * Read access to the web application's document root directory
+// * Read, write and delete access to the web application's working directory
+//
+// $Id$
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the logging API
+// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
+// update this section accordingly.
+//  grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+        permission java.io.FilePermission
+         "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs", "read, write";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+
+        permission java.lang.RuntimePermission "shutdownHooks";
+        permission java.lang.RuntimePermission "getClassLoader";
+        permission java.lang.RuntimePermission "setContextClassLoader";
+
+        permission java.util.logging.LoggingPermission "control";
+
+        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+        permission java.util.PropertyPermission "catalina.base", "read";
+        permission java.util.PropertyPermission
+         "org.apache.juli.logging.UserDataHelper.CONFIG", "read";
+        permission java.util.PropertyPermission
+         "org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME", "read";
+
+        // Note: To enable per context logging configuration, permit read access to
+        // the appropriate file. Be sure that the logging configuration is
+        // secure before enabling such access.
+        // E.g. for the examples web application (uncomment and unwrap
+        // the following to be on a single line):
+        // permission java.io.FilePermission "${catalina.base}${file.separator}
+        //  webapps${file.separator}examples${file.separator}WEB-INF
+        //  ${file.separator}classes${file.separator}logging.properties", "read";
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+
+// If using a per instance lib directory, i.e. ${catalina.base}/lib,
+// then the following permission will need to be uncommented
+// grant codeBase "file:${catalina.base}/lib/-" {
+//         permission java.security.AllPermission;
+// };
+
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant {
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+    permission java.util.PropertyPermission "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+
+    permission java.util.PropertyPermission "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+    // Allow read of JAXP compliant XML parser debug
+    permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // All JSPs need to be able to read this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
+
+    // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission
+     "accessClassInPackage.org.apache.jasper.runtime.*";
+
+    // Precompiled JSPs need access to these system properties.
+    permission java.util.PropertyPermission
+     "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+    permission java.util.PropertyPermission
+     "org.apache.el.parser.COERCE_TO_ZERO", "read";
+
+    // The cookie code needs these.
+    permission java.util.PropertyPermission
+     "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
+    permission java.util.PropertyPermission
+     "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
+    permission java.util.PropertyPermission
+     "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";
+
+    // Applications using Comet need to be able to access this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";
+
+    // Applications using WebSocket need to be able to access this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket";
+};
+
+
+// The Manager application needs access to the following packages to support the
+// session display functionality. These settings support the following
+// configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/webapps/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+};
+grant codeBase "file:${catalina.home}/webapps/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+};
+
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.base}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+  <h3>Starting Tomcat With A SecurityManager</h3>
+
+  <p>Once you have configured the <code>catalina.policy</code> file for use
+  with a SecurityManager, Tomcat can be started with a SecurityManager in
+  place by using the "-security" option:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+$CATALINA_HOME/bin/catalina.sh start -security    (Unix)
+%CATALINA_HOME%\bin\catalina start -security      (Windows)
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Configuring Package Protection in Tomcat"><!--()--></a><a name="Configuring_Package_Protection_in_Tomcat"><strong>Configuring Package Protection in Tomcat</strong></a></font></td></tr><tr><td><blockquote>
+  <p>Starting with Tomcat 5, it is now possible to configure which Tomcat
+  internal package are protected againts package definition and access. See
+  <a href="http://java.sun.com/security/seccodeguide.html">
+    http://java.sun.com/security/seccodeguide.html</a>
+    for more information.</p>
+
+
+  <p><strong>WARNING</strong>: Be aware that removing the default package protection
+  could possibly open a security hole</p>
+
+  <h3>The Default Properties File</h3>
+
+  <p>The default <code>$CATALINA_BASE/conf/catalina.properties</code> file
+  looks like this:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,
+org.apache.jasper.
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, no packages are restricted for definition, and none of
+# the class loaders supplied with the JDK call checkPackageDefinition.
+#
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,
+org.apache.tomcat.,org.apache.jasper.
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+  <p>Once you have configured the <code>catalina.properties</code> file for use
+  with a SecurityManager, remember to re-start Tomcat.</p>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Troubleshooting"><strong>Troubleshooting</strong></a></font></td></tr><tr><td><blockquote>
+
+  <p>If your web application attempts to execute an operation that is
+  prohibited by lack of a required Permission, it will throw an
+  <code>AccessControLException</code> or a <code>SecurityException</code>
+  when the SecurityManager detects the violation.  Debugging the permission
+  that is missing can be challenging, and one option is to turn on debug
+  output of all security decisions that are made during execution.  This
+  is done by setting a system property before starting Tomcat.  The easiest
+  way to do this is via the <code>CATALINA_OPTS</code> environment variable.
+  Execute this command:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+export CATALINA_OPTS=-Djava.security.debug=all    (Unix)
+set CATALINA_OPTS=-Djava.security.debug=all       (Windows)
+</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+  <p>before starting Tomcat.</p>
+
+  <p><strong>WARNING</strong> - This will generate <em>many megabytes</em>
+  of output!  However, it can help you track down problems by searching
+  for the word "FAILED" and determining which permission was being checked
+  for.  See the Java security documentation for more options that you can
+  specify here as well.</p>
+
+</blockquote></td></tr></table></td></tr><tr class="noPrint"><td width="20%" valign="top" nowrap class="noPrint"></td><td width="80%" valign="top" align="left"><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="comments_section" id="comments_section"><strong>Comments</strong></a></font></td></tr><tr><td><blockquote><p class="notice"><strong>Notice: </strong>This is not a Q&amp;A section.
+              The Apache Comments System is explained
+              <a href="/tomcat-8.0-doc/comments.html">here</a>.
+              Comments should be pointed towards suggestions on improving the documentation
+              or server, and may be removed again by our moderators if they are either
+              implemented or considered invalid/off-topic.
+              Questions on how to manage Apache Tomcat should be directed
+              to our <a href="http://tomcat.apache.org/lists.html">mailing lists</a>.</p><script type="text/javascript"><!--//--><![CDATA[//><!--
+              var comments_shortname = 'tomcat';
+              var comments_identifier = 'http://tomcat.apache.org/tomcat-8.0-doc/security-manager-howto.html';
+              (function(w, d) {
+                  if (w.location.hostname.toLowerCase() == "tomcat.apache.org") {
+                      d.write('<div id="comments_thread"><\/div>');
+                      var s = d.createElement('script');
+                      s.type = 'text/javascript';
+                      s.async = true;
+                      s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+                      (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+                  }
+                  else {
+                      d.write('<div id="comments_thread"><strong>Comments are disabled for this page at the moment.</strong><\/div>');
+                  }
+              })(window, document);
+              //--><!]]></script></blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
+        Copyright &copy; 1999-2012, Apache Software Foundation
+        </em></font></div></td></tr></table></body></html>
\ No newline at end of file

Propchange: tomcat/site/trunk/docs/tomcat-8.0-doc/security-manager-howto.html
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: tomcat/site/trunk/docs/tomcat-8.0-doc/security-manager-howto.html
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: tomcat/site/trunk/docs/tomcat-8.0-doc/servletapi/index.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-8.0-doc/servletapi/index.html?rev=1417624&view=auto
==============================================================================
--- tomcat/site/trunk/docs/tomcat-8.0-doc/servletapi/index.html (added)
+++ tomcat/site/trunk/docs/tomcat-8.0-doc/servletapi/index.html Wed Dec  5 20:20:35 2012
@@ -0,0 +1,34 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en" "http://www.w3.org/TR/REC-html40/strict.dtd">
+<html>
+    <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+    <title>API docs</title>
+</head>
+
+<body>
+
+The Servlet Javadoc is not installed by default. Download and install
+the "fulldocs" package to get it.
+
+You can also access the javadoc online in the Tomcat
+<a href="http://tomcat.apache.org/tomcat-8.0-doc/">
+documentation bundle</a>.
+
+</body>
+</html>

Propchange: tomcat/site/trunk/docs/tomcat-8.0-doc/servletapi/index.html
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: tomcat/site/trunk/docs/tomcat-8.0-doc/servletapi/index.html
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message