Gitiles
Code Review Sign In
source.supwisdom.com / UniIdentify / tomcat / 67d615191938bb60e9b73af6701f5339749950ca / . / tomcat-cas / webapps / docs / security-manager-howto.html
blob: 2f871d2fc09679bf6bcd97d7215548bed79bdfc5 [file] [log] [blame]
Hongqing Liu71898292014-10-15 13:31:32 +0800[diff] [blame]1<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.41) - Security Manager HOW-TO</title><meta name="author" content="Glenn Nielsen"><meta name="author" content="Jean-Francois Arcand"><style type="text/css" media="print">
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame]2 .noPrint {display: none;}
3 td#mainBody {width: 100%;}
4 </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="
5 The Apache Tomcat Servlet/JSP Container
Hongqing Liu71898292014-10-15 13:31:32 +0800[diff] [blame]6 " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.41, May 19 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Security Manager HOW-TO</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame]7<ul><li><a href="#Background">Background</a></li><li><a href="#Permissions">Permissions</a><ol><li><a href="#Standard_Permissions">Standard Permissions</a></li><li><a href="#Tomcat_Custom_Permissions">Tomcat Custom Permissions</a></li></ol></li><li><a href="#Configuring_Tomcat_With_A_SecurityManager">Configuring Tomcat With A SecurityManager</a></li><li><a href="#Configuring_Package_Protection_in_Tomcat">Configuring Package Protection in Tomcat</a></li><li><a href="#Troubleshooting">Troubleshooting</a></li></ul>
8</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Background"><strong>Background</strong></a></font></td></tr><tr><td><blockquote>
9
10 <p>The Java <strong>SecurityManager</strong> is what allows a web browser
11 to run an applet in its own sandbox to prevent untrusted code from
12 accessing files on the local file system, connecting to a host other
13 than the one the applet was loaded from, and so on. In the same way
14 the SecurityManager protects you from an untrusted applet running in
15 your browser, use of a SecurityManager while running Tomcat can protect
16 your server from trojan servlets, JSPs, JSP beans, and tag libraries.
17 Or even inadvertent mistakes.</p>
18
19 <p>Imagine if someone who is authorized to publish JSPs on your site
20 inadvertently included the following in their JSP:</p>
21<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
22&lt;% System.exit(1); %&gt;
23</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
24
25 <p>Every time this JSP was executed by Tomcat, Tomcat would exit.
26 Using the Java SecurityManager is just one more line of defense a
27 system administrator can use to keep the server secure and reliable.</p>
28
29 <p><strong>WARNING</strong> - A security audit
30 have been conducted using the Tomcat 6 codebase. Most of the critical
31 package have been protected and a new security package protection mechanism
32 has been implemented. Still, make sure that you are satisfied with your SecurityManager
33 configuration before allowing untrusted users to publish web applications,
34 JSPs, servlets, beans, or tag libraries. <strong>However, running with a
35 SecurityManager is definitely better than running without one.</strong></p>
36
37</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Permissions"><strong>Permissions</strong></a></font></td></tr><tr><td><blockquote>
38
39 <p>Permission classes are used to define what Permissions a class loaded
40 by Tomcat will have. There are a number of Permission classes that are
41 a standard part of the JDK, and you can create your own Permission class
42 for use in your own web applications. Both techniques are used in
43 Tomcat 6.</p>
44
45
46 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Standard Permissions"><!--()--></a><a name="Standard_Permissions"><strong>Standard Permissions</strong></a></font></td></tr><tr><td><blockquote>
47
48 <p>This is just a short summary of the standard system SecurityManager
49 Permission classes applicable to Tomcat. See
50 <a href="http://java.sun.com/security/">http://java.sun.com/security/</a>
51 for more information.</p>
52
53 <ul>
54 <li><strong>java.util.PropertyPermission</strong> - Controls read/write
55 access to JVM properties such as <code>java.home</code>.</li>
56 <li><strong>java.lang.RuntimePermission</strong> - Controls use of
57 some System/Runtime functions like <code>exit()</code> and
58 <code>exec()</code>. Also control the package access/definition.</li>
59 <li><strong>java.io.FilePermission</strong> - Controls read/write/execute
60 access to files and directories.</li>
61 <li><strong>java.net.SocketPermission</strong> - Controls use of
62 network sockets.</li>
63 <li><strong>java.net.NetPermission</strong> - Controls use of
64 multicast network connections.</li>
65 <li><strong>java.lang.reflect.ReflectPermission</strong> - Controls
66 use of reflection to do class introspection.</li>
67 <li><strong>java.security.SecurityPermission</strong> - Controls access
68 to Security methods.</li>
69 <li><strong>java.security.AllPermission</strong> - Allows access to all
70 permissions, just as if you were running Tomcat without a
71 SecurityManager.</li>
72 </ul>
73
74 </blockquote></td></tr></table>
75
76
77 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat Custom Permissions"><!--()--></a><a name="Tomcat_Custom_Permissions"><strong>Tomcat Custom Permissions</strong></a></font></td></tr><tr><td><blockquote>
78
79 <p>Tomcat utilizes a custom permission class called
80 <strong>org.apache.naming.JndiPermission</strong>. This permission
81 controls read access to JNDI named file based resources. The permission
82 name is the JNDI name and there are no actions. A trailing "*" can be
83 used to do wild card matching for a JNDI named file resource when
84 granting permission. For example, you might include the following
85 in your policy file:</p>
86<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
87permission org.apache.naming.JndiPermission "jndi://localhost/examples/*";
88</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
89
90 <p>A Permission entry like this is generated dynamically for each web
91 application that is deployed, to allow it to read its own static resources
92 but disallow it from using file access to read any other files (unless
93 permissions for those files are explicitly granted).</p>
94
95 <p>Also, Tomcat always dynamically creates the following file permissions:</p>
96<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
97permission java.io.FilePermission "** your application context**", "read";
98
99permission java.io.FilePermission
100 "** application working directory**", "read,write";
101permission java.io.FilePermission
102 "** application working directory**/-", "read,write,delete";
103</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
104 <p>Where **your application context** equals the folder (or WAR file) under which
105 your application has been deployed and **application working directory** is the
106 temporary directory provided to your application as required by the
107 Servlet Specification.</p>
108
109 </blockquote></td></tr></table>
110
111
112</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Configuring Tomcat With A SecurityManager"><!--()--></a><a name="Configuring_Tomcat_With_A_SecurityManager"><strong>Configuring Tomcat With A SecurityManager</strong></a></font></td></tr><tr><td><blockquote>
113
114 <h3>Policy File Format</h3>
115
116 <p>The security policies implemented by the Java SecurityManager are
117 configured in the <code>$CATALINA_BASE/conf/catalina.policy</code> file.
118 This file completely replaces the <code>java.policy</code> file present
119 in your JDK system directories. The <code>catalina.policy</code> file
120 can be edited by hand, or you can use the
121 <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyGuide.html">policytool</a>
122 application that comes with Java 1.2 or later.</p>
123
124 <p>Entries in the <code>catalina.policy</code> file use the standard
125 <code>java.policy</code> file format, as follows:</p>
126<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
127// Example policy file entry
128
129grant [signedBy &lt;signer&gt;,] [codeBase &lt;code source&gt;] {
130 permission &lt;class&gt; [&lt;name&gt; [, &lt;action list&gt;]];
131};
132</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
133
134 <p>The <strong>signedBy</strong> and <strong>codeBase</strong> entries are
135 optional when granting permissions. Comment lines begin with "//" and
136 end at the end of the current line. The <code>codeBase</code> is in the
137 form of a URL, and for a file URL can use the <code>${java.home}</code>
138 and <code>${catalina.home}</code> properties (which are expanded out to
139 the directory paths defined for them by the <code>JAVA_HOME</code>,
140 <code>CATALINA_HOME</code> and <code>CATALINA_BASE</code> environment
141 variables).</p>
142
143 <h3>The Default Policy File</h3>
144
145 <p>The default <code>$CATALINA_BASE/conf/catalina.policy</code> file
146 looks like this:</p>
147
148
149<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>// Licensed to the Apache Software Foundation (ASF) under one or more
150// contributor license agreements. See the NOTICE file distributed with
151// this work for additional information regarding copyright ownership.
152// The ASF licenses this file to You under the Apache License, Version 2.0
153// (the "License"); you may not use this file except in compliance with
154// the License. You may obtain a copy of the License at
155//
156// http://www.apache.org/licenses/LICENSE-2.0
157//
158// Unless required by applicable law or agreed to in writing, software
159// distributed under the License is distributed on an "AS IS" BASIS,
160// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
161// See the License for the specific language governing permissions and
162// limitations under the License.
163
164// ============================================================================
165// catalina.policy - Security Policy Permissions for Tomcat @VERSION_MAJOR@
166//
167// This file contains a default set of security policies to be enforced (by the
168// JVM) when Catalina is executed with the "-security" option. In addition
169// to the permissions granted here, the following additional permissions are
170// granted to the codebase specific to each web application:
171//
172// * Read access to its document root directory
173// * Read, write and delete access to its working directory
174// ============================================================================
175
176
177// ========== SYSTEM CODE PERMISSIONS =========================================
178
179
180// These permissions apply to javac
181grant codeBase "file:${java.home}/lib/-" {
182 permission java.security.AllPermission;
183};
184
185// These permissions apply to all shared system extensions
186grant codeBase "file:${java.home}/jre/lib/ext/-" {
187 permission java.security.AllPermission;
188};
189
190// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
191grant codeBase "file:${java.home}/../lib/-" {
192 permission java.security.AllPermission;
193};
194
195// These permissions apply to all shared system extensions when
196// ${java.home} points at $JAVA_HOME/jre
197grant codeBase "file:${java.home}/lib/ext/-" {
198 permission java.security.AllPermission;
199};
200
201
202// ========== CATALINA CODE PERMISSIONS =======================================
203
204
205// These permissions apply to the daemon code
206grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
207 permission java.security.AllPermission;
208};
209
210// These permissions apply to the logging API
211// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
212// update this section accordingly.
213// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
214grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
215 permission java.io.FilePermission
216 "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
217
218 permission java.io.FilePermission
219 "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
220 permission java.io.FilePermission
221 "${catalina.base}${file.separator}logs", "read, write";
222 permission java.io.FilePermission
223 "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
224
225 permission java.lang.RuntimePermission "shutdownHooks";
226 permission java.lang.RuntimePermission "getClassLoader";
227 permission java.lang.RuntimePermission "setContextClassLoader";
228
229 permission java.util.logging.LoggingPermission "control";
230
231 permission java.util.PropertyPermission "java.util.logging.config.class", "read";
232 permission java.util.PropertyPermission "java.util.logging.config.file", "read";
233 permission java.util.PropertyPermission "catalina.base", "read";
234
235 // Note: To enable per context logging configuration, permit read access to
236 // the appropriate file. Be sure that the logging configuration is
237 // secure before enabling such access.
238 // E.g. for the examples web application (uncomment and unwrap
239 // the following to be on a single line):
240 // permission java.io.FilePermission "${catalina.base}${file.separator}
241 // webapps${file.separator}examples${file.separator}WEB-INF
242 // ${file.separator}classes${file.separator}logging.properties", "read";
243};
244
245// These permissions apply to the server startup code
246grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
247 permission java.security.AllPermission;
248};
249
250// These permissions apply to the servlet API classes
251// and those that are shared across all class loaders
252// located in the "lib" directory
253grant codeBase "file:${catalina.home}/lib/-" {
254 permission java.security.AllPermission;
255};
256
257
258// If using a per instance lib directory, i.e. ${catalina.base}/lib,
259// then the following permission will need to be uncommented
260// grant codeBase "file:${catalina.base}/lib/-" {
261// permission java.security.AllPermission;
262// };
263
264
265// ========== WEB APPLICATION PERMISSIONS =====================================
266
267
268// These permissions are granted by default to all web applications
269// In addition, a web application will be given a read FilePermission
270// and JndiPermission for all files and directories in its document root.
271grant {
272 // Required for JNDI lookup of named JDBC DataSource's and
273 // javamail named MimePart DataSource used to send mail
274 permission java.util.PropertyPermission "java.home", "read";
275 permission java.util.PropertyPermission "java.naming.*", "read";
276 permission java.util.PropertyPermission "javax.sql.*", "read";
277
278 // OS Specific properties to allow read access
279 permission java.util.PropertyPermission "os.name", "read";
280 permission java.util.PropertyPermission "os.version", "read";
281 permission java.util.PropertyPermission "os.arch", "read";
282 permission java.util.PropertyPermission "file.separator", "read";
283 permission java.util.PropertyPermission "path.separator", "read";
284 permission java.util.PropertyPermission "line.separator", "read";
285
286 // JVM properties to allow read access
287 permission java.util.PropertyPermission "java.version", "read";
288 permission java.util.PropertyPermission "java.vendor", "read";
289 permission java.util.PropertyPermission "java.vendor.url", "read";
290 permission java.util.PropertyPermission "java.class.version", "read";
291 permission java.util.PropertyPermission "java.specification.version", "read";
292 permission java.util.PropertyPermission "java.specification.vendor", "read";
293 permission java.util.PropertyPermission "java.specification.name", "read";
294
295 permission java.util.PropertyPermission "java.vm.specification.version", "read";
296 permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
297 permission java.util.PropertyPermission "java.vm.specification.name", "read";
298 permission java.util.PropertyPermission "java.vm.version", "read";
299 permission java.util.PropertyPermission "java.vm.vendor", "read";
300 permission java.util.PropertyPermission "java.vm.name", "read";
301
302 // Required for OpenJMX
303 permission java.lang.RuntimePermission "getAttribute";
304
305 // Allow read of JAXP compliant XML parser debug
306 permission java.util.PropertyPermission "jaxp.debug", "read";
307
308 // Precompiled JSPs need access to these packages.
309 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
310 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
311 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
312
313 // Precompiled JSPs need access to these system properties.
314 permission java.util.PropertyPermission
315 "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
316 permission java.util.PropertyPermission "org.apache.el.parser.COERCE_TO_ZERO", "read";
317};
318
319
320// The Manager application needs access to the following packages to support the
321// session display functionality. These settings support the following
322// configurations:
323// - default CATALINA_HOME == CATALINA_BASE
324// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
325// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
326grant codeBase "file:${catalina.base}/webapps/manager/-" {
327 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
328 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
329 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
330};
331grant codeBase "file:${catalina.home}/webapps/manager/-" {
332 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
333 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
334 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
335};
336
337// You can assign additional permissions to particular web applications by
338// adding additional "grant" entries here, based on the code base for that
339// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
340//
341// Different permissions can be granted to JSP pages, classes loaded from
342// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
343// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
344//
345// For instance, assume that the standard "examples" application
346// included a JDBC driver that needed to establish a network connection to the
347// corresponding database and used the scrape taglib to get the weather from
348// the NOAA web server. You might create a "grant" entries like this:
349//
350// The permissions granted to the context root directory apply to JSP pages.
351// grant codeBase "file:${catalina.base}/webapps/examples/-" {
352// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
353// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
354// };
355//
356// The permissions granted to the context WEB-INF/classes directory
357// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
358// };
359//
360// The permission granted to your JDBC driver
361// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
362// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
363// };
364// The permission granted to the scrape taglib
365// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
366// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
367// };
368
369</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
370
371 <h3>Starting Tomcat With A SecurityManager</h3>
372
373 <p>Once you have configured the <code>catalina.policy</code> file for use
374 with a SecurityManager, Tomcat can be started with a SecurityManager in
375 place by using the "-security" option:</p>
376<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
377$CATALINA_HOME/bin/catalina.sh start -security (Unix)
378%CATALINA_HOME%\bin\catalina start -security (Windows)
379</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
380
381</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Configuring Package Protection in Tomcat"><!--()--></a><a name="Configuring_Package_Protection_in_Tomcat"><strong>Configuring Package Protection in Tomcat</strong></a></font></td></tr><tr><td><blockquote>
382 <p>Starting with Tomcat 5, it is now possible to configure which Tomcat
383 internal package are protected againts package definition and access. See
384 <a href="http://java.sun.com/security/seccodeguide.html">
385 http://java.sun.com/security/seccodeguide.html</a>
386 for more information.</p>
387
388
389 <p><strong>WARNING</strong>: Be aware that removing the default package protection
390 could possibly open a security hole</p>
391
392 <h3>The Default Properties File</h3>
393
394 <p>The default <code>$CATALINA_BASE/conf/catalina.properties</code> file
395 looks like this:</p>
396<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
397#
398# List of comma-separated packages that start with or equal this string
399# will cause a security exception to be thrown when
400# passed to checkPackageAccess unless the
401# corresponding RuntimePermission ("accessClassInPackage."+package) has
402# been granted.
403package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,
404org.apache.jasper.
405#
406# List of comma-separated packages that start with or equal this string
407# will cause a security exception to be thrown when
408# passed to checkPackageDefinition unless the
409# corresponding RuntimePermission ("defineClassInPackage."+package) has
410# been granted.
411#
412# by default, no packages are restricted for definition, and none of
413# the class loaders supplied with the JDK call checkPackageDefinition.
414#
415package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,
416org.apache.tomcat.,org.apache.jasper.
417</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
418 <p>Once you have configured the <code>catalina.properties</code> file for use
419 with a SecurityManager, remember to re-start Tomcat.</p>
420</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Troubleshooting"><strong>Troubleshooting</strong></a></font></td></tr><tr><td><blockquote>
421
422 <p>If your web application attempts to execute an operation that is
423 prohibited by lack of a required Permission, it will throw an
424 <code>AccessControLException</code> or a <code>SecurityException</code>
425 when the SecurityManager detects the violation. Debugging the permission
426 that is missing can be challenging, and one option is to turn on debug
427 output of all security decisions that are made during execution. This
428 is done by setting a system property before starting Tomcat. The easiest
429 way to do this is via the <code>CATALINA_OPTS</code> environment variable.
430 Execute this command:</p>
431<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
432export CATALINA_OPTS=-Djava.security.debug=all (Unix)
433set CATALINA_OPTS=-Djava.security.debug=all (Windows)
434</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
435
436 <p>before starting Tomcat.</p>
437
438 <p><strong>WARNING</strong> - This will generate <em>many megabytes</em>
439 of output! However, it can help you track down problems by searching
440 for the word "FAILED" and determining which permission was being checked
441 for. See the Java security documentation for more options that you can
442 specify here as well.</p>
443
444</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
445 Copyright &copy; 1999-2014, Apache Software Foundation
446 </em></font></div></td></tr></table></body></html>