tomcat-users mailing list archives

From deniz <denizdurmu...@gmail.com>
Subject Re: Server starts but fails to get any reqs
Date Wed, 18 Jan 2012 03:08:41 GMT
Here are the permissions in my policy file:



// ========== SYSTEM CODE PERMISSIONS =========================================


// These permissions apply to javac
// The trailing "/-" matches every file in the directory and, recursively,
// in its subdirectories, so all code under ${java.home}/lib is covered.
grant codeBase "file:${java.home}/lib/-" {
        // AllPermission implies every other permission: this code is fully trusted.
        permission java.security.AllPermission;
};

// These permissions apply to all shared system extensions
grant codeBase "file:${java.home}/jre/lib/ext/-" {
        // Full trust for anything placed under the extensions directory
        // (recursive match because of the "/-" suffix).
        permission java.security.AllPermission;
};

// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
// Same grant as for ${java.home}/lib, but resolved one directory up for the
// layout in which ${java.home} is the nested jre directory.
grant codeBase "file:${java.home}/../lib/-" {
        permission java.security.AllPermission;
};

// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/lib/ext/-" {
        // Extension jars found under this path run without any restriction.
        permission java.security.AllPermission;
};


// ========== CATALINA CODE PERMISSIONS =======================================


// These permissions apply to the daemon code
// The codeBase names a single jar (no "/-" wildcard), so only that file
// receives the grant.
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
        permission java.security.AllPermission;
};

// These permissions apply to the logging API
// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
// update this section accordingly.
//  grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
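grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        // Read access to the JVM-wide and the per-instance logging configuration.
        permission java.io.FilePermission
         "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
        permission java.io.FilePermission
         "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";

        // Read/write access to the logs directory itself and to the files
        // directly inside it ("*" is not recursive).
        permission java.io.FilePermission
         "${catalina.base}${file.separator}logs", "read, write";
        permission java.io.FilePermission
         "${catalina.base}${file.separator}logs${file.separator}*", "read, write";

        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.lang.RuntimePermission "getClassLoader";
        permission java.lang.RuntimePermission "setContextClassLoader";

        permission java.util.logging.LoggingPermission "control";

        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.util.PropertyPermission "catalina.base", "read";

        // NOTE(review): AllPermission implies every other permission, so the
        // specific entries above place no limit on this jar while this line is
        // present. If it was added for troubleshooting, remove it once the
        // cause is found.
        permission java.security.AllPermission;

        // Note: To enable per context logging configuration, permit read access to
        // the appropriate file. Be sure that the logging configuration is
        // secure before enabling such access.
        // E.g. for the examples web application (uncomment and unwrap
        // the following to be on a single line):
        // permission java.io.FilePermission "${catalina.base}${file.separator}
        //  webapps${file.separator}examples${file.separator}WEB-INF
        //  ${file.separator}classes${file.separator}logging.properties", "read";
};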

// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
        // bootstrap.jar alone is named here; it is granted full trust.
        permission java.security.AllPermission;
};

// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "lib" directory
grant codeBase "file:${catalina.home}/lib/-" {
        // Recursive match: every jar or class under ${catalina.home}/lib is
        // fully trusted, so write access to that directory should be limited
        // accordingly.
        permission java.security.AllPermission;
};


// If using a per instance lib directory, i.e. ${catalina.base}/lib,
// then the following permission will need to be uncommented
// grant codeBase "file:${catalina.base}/lib/-" {
//         permission java.security.AllPermission;
// };


// ========== WEB APPLICATION PERMISSIONS =====================================


// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
// This entry has no codeBase, so it applies to all code loaded under the
// policy, including every deployed web application.
grant {
    // Required for JNDI lookup of named JDBC DataSource's and
    // javamail named MimePart DataSource used to send mail
    permission java.util.PropertyPermission "java.home", "read";
    permission java.util.PropertyPermission "java.naming.*", "read";
    permission java.util.PropertyPermission "javax.sql.*", "read";

    // OS Specific properties to allow read access
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";

    // JVM properties to allow read access
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "java.specification.version",
"read";
    permission java.util.PropertyPermission "java.specification.vendor",
"read";
    permission java.util.PropertyPermission "java.specification.name",
"read";

    permission java.util.PropertyPermission "java.vm.specification.version",
"read";
    permission java.util.PropertyPermission "java.vm.specification.vendor",
"read";
    permission java.util.PropertyPermission "java.vm.specification.name",
"read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";

    // Required for OpenJMX
    permission java.lang.RuntimePermission "getAttribute";

    // Allow read of JAXP compliant XML parser debug
    permission java.util.PropertyPermission "jaxp.debug", "read";

    // All JSPs need to be able to read this package
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat";

    // Precompiled JSPs need access to these packages.
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.el";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime";
    permission java.lang.RuntimePermission
     "accessClassInPackage.org.apache.jasper.runtime.*";

    // Precompiled JSPs need access to these system properties.
    permission java.util.PropertyPermission
     "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
    permission java.util.PropertyPermission
     "org.apache.el.parser.COERCE_TO_ZERO", "read";

    // The cookie code needs these.
    permission java.util.PropertyPermission
     "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
    permission java.util.PropertyPermission
     "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
    permission java.util.PropertyPermission
     "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
"read";

    // Applications using Comet need to be able to access this package
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.comet";

    // NOTE(review): AllPermission in a grant without a codeBase gives every
    // web application full trust, so the SecurityManager no longer restricts
    // anything and the narrow entries above have no effect. If this was added
    // for troubleshooting, remove it before relying on the policy.
    permission java.security.AllPermission;

};


// The Manager application needs access to the following packages to support the
// session display functionality. These settings support the following
// configurations:
// - default CATALINA_HOME == CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
// Manager web application deployed under ${catalina.base}.
grant codeBase "file:${catalina.base}/webapps/manager/-" {
    // Access to Catalina-internal packages used by the Manager.
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.util";
    // NOTE(review): AllPermission implies every other permission, so the
    // package-level entries above are redundant while it is present and the
    // Manager application runs fully trusted.
    permission java.security.AllPermission;

};
// Manager web application shared from ${catalina.home}.
grant codeBase "file:${catalina.home}/webapps/manager/-" {
    // Same package access as the ${catalina.base} Manager entry.
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.util";
    // NOTE(review): with AllPermission present the five RuntimePermission
    // entries above no longer limit anything; drop this line to return to
    // the package-scoped grant.
    permission java.security.AllPermission;

};

// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
//
// Different permissions can be granted to JSP pages, classes loaded from
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
//
// For instance, assume that the standard "examples" application
// included a JDBC driver that needed to establish a network connection to the
// corresponding database and used the scrape taglib to get the weather from
// the NOAA web server.  You might create a "grant" entries like this:
//
// The permissions granted to the context root directory apply to JSP pages.
 grant codeBase "file:${catalina.base}/webapps/examples/-" {
      // Outbound connection to the one database host and port.
      permission java.net.SocketPermission "dbhost.mycompany.com:5432",
"connect";
      // NOTE(review): "*:*" matches any host and any port, so the specific
      // dbhost entry above is redundant and the whole examples application
      // may connect anywhere. Prefer listing only the hosts that are needed.
      permission java.net.SocketPermission "*:*", "connect";
 };
//
// The permissions granted to the context WEB-INF/classes directory
 grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
	// NOTE(review): every class under WEB-INF/classes of the examples
	// application is fully trusted here; grant only the specific permissions
	// those classes need if the sandbox is meant to apply to this app.
	permission java.security.AllPermission;
 };
//
// The permission granted to your JDBC driver
 grant codeBase
"jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
     // NOTE(review): the surrounding comments describe a driver that only
     // needs a network connection to its database; a SocketPermission for
     // that host would be narrower than AllPermission. Confirm what the
     // driver actually requires.
     permission java.security.AllPermission;
 };
// The permission granted to the scrape taglib
 grant codeBase
"jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
      // NOTE(review): "*:*" allows connections to any host and port. The
      // comments above mention a single weather server as the target, so a
      // host-specific entry would be tighter.
      permission java.net.SocketPermission "*:*", "connect";
 };






And these are the permissions on the Tomcat directories:

drwxrwxrwx@ 27 deniz      918 17 Jan 17:52 bin
drwxrwxrwx@ 10 deniz      340 18 Jan 11:07 conf
drwxrwxrwx@ 21 deniz      714 21 Nov 03:38 lib
drwxrwxrwx@ 28 deniz      952 18 Jan 10:49 logs
drwxrwxrwx@  3 deniz       102 21 Nov 03:38 temp
drwxrwxrwx@ 10 deniz      340 18 Jan 10:40 webapps
drwxrwxrwx@  3 deniz      102 12 Jan 16:28 work







--
View this message in context: http://tomcat.10.n6.nabble.com/Server-starts-but-fails-to-get-any-reqs-tp3697010p3705283.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


