// limitations under the License.
// ============================================================================
-// catalina.policy - Security Policy Permissions for Tomcat
+// catalina.policy - Security Policy Permissions for Tomcat 7
//
// This file contains a default set of security policies to be enforced (by the
// JVM) when Catalina is executed with the "-security" option. In addition
permission java.security.AllPermission;
};
-// These permissions apply to the logging API
-// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
-// update this section accordingly.
-// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
+
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.io.FilePermission
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
- permission java.lang.management.ManagementPermission "monitor";
-
permission java.util.logging.LoggingPermission "control";
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
- permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read";
- permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
- permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
permission java.util.PropertyPermission "catalina.base", "read";
- // Note: To enable per context logging configuration, permit read access to
- // the appropriate file. Be sure that the logging configuration is
- // secure before enabling such access.
- // E.g. for the examples web application (uncomment and unwrap
- // the following to be on a single line):
- // permission java.io.FilePermission "${catalina.base}${file.separator}
- // webapps${file.separator}examples${file.separator}WEB-INF
- // ${file.separator}classes${file.separator}logging.properties", "read";
+
};
// These permissions apply to the server startup code
};
-// If using a per instance lib directory, i.e. ${catalina.base}/lib,
-// then the following permission will need to be uncommented
-// grant codeBase "file:${catalina.base}/lib/-" {
-// permission java.security.AllPermission;
-// };
-
// ========== WEB APPLICATION PERMISSIONS =====================================
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
-// for all files and directories in its document root.
+// and JndiPermission for all files and directories in its document root.
grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail named MimePart DataSource used to send mail
// Applications using Comet need to be able to access this package
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";
- // Applications using WebSocket need to be able to access these packages
+ // Applications using the legacy WebSocket implementation need to be able to access this package
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket";
+
+ // Applications using the JSR-356 WebSocket implementation need to be able to access these packages
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
};
// included a JDBC driver that needed to establish a network connection to the
// corresponding database and used the scrape taglib to get the weather from
// the NOAA web server. You might create a "grant" entries like this:
-//
-// The permissions granted to the context root directory apply to JSP pages.
-// grant codeBase "file:${catalina.base}/webapps/examples/-" {
-// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
-// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-//
-// The permissions granted to the context WEB-INF/classes directory
-// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
-// };
-//
-// The permission granted to your JDBC driver
-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
-// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
-// };
-// The permission granted to the scrape taglib
-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
-// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
-package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,\
+org.apache.naming.resources.,org.apache.tomcat.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
-#
-# Note: Values are enclosed in double quotes ("...") in case either the
-# ${catalina.base} path or the ${catalina.home} path contains a comma.
-# Because double quotes are used for quoting, the double quote character
-# may not appear in a path.
-common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar"
+common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
#
# List of comma-separated paths defining the contents of the "server"
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
-#
-# Note: Values may be enclosed in double quotes ("...") in case either the
-# ${catalina.base} path or the ${catalina.home} path contains a comma.
-# Because double quotes are used for quoting, the double quote character
-# may not appear in a path.
server.loader=
#
# "foo/bar.jar": Add bar.jar as a class repository
# Please note that for single jars, e.g. bar.jar, you need the URL form
# starting with file:.
-#
-# Note: Values may be enclosed in double quotes ("...") in case either the
-# ${catalina.base} path or the ${catalina.home} path contains a comma.
-# Because double quotes are used for quoting, the double quote character
-# may not appear in a path.
shared.loader=
-# Default list of JAR files that should not be scanned using the JarScanner
+# List of JAR files that should not be scanned using the JarScanner
# functionality. This is typically used to scan JARs for configuration
# information. JARs that do not contain such information may be excluded from
# the scan to speed up the scanning process. This is the default list. JARs on
-# this list are excluded from all scans. The list must be a comma separated list
-# of JAR file names.
-# The list of JARs to skip may be over-ridden at a Context level for individual
-# scan types by configuring a JarScanner with a nested JarScanFilter.
+# this list are excluded from all scans. Scan specific lists (to exclude JARs
+# from individual scans) follow this. The list must be a comma separated list of
+# JAR file names.
# The JARs listed below include:
# - Tomcat Bootstrap JARs
# - Tomcat API JARs
# - Tomcat JARs
# - Common non-Tomcat JARs
# - Test JARs (JUnit, Cobertura and dependencies)
-tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\
+tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
-catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\
-catalina-tribes.jar,\
+catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
-tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\
-tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\
+tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
+tomcat-jni.jar,tomcat-spdy.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
-jstl.jar,taglibs-standard-spec-*.jar,\
+jstl.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
-jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
+jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
-junit.jar,junit-*.jar,ant-launcher.jar,\
+junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
xom-*.jar
-# Default list of JAR files that should be scanned that overrides the default
-# jarsToSkip list above. This is typically used to include a specific JAR that
-# has been excluded by a broad file name pattern in the jarsToSkip list.
-# The list of JARs to scan may be over-ridden at a Context level for individual
-# scan types by configuring a JarScanner with a nested JarScanFilter.
-tomcat.util.scan.StandardJarScanFilter.jarsToScan=\
-log4j-core*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar
+# Additional JARs (over and above the default JARs listed above) to skip when
+# scanning for Servlet 3.0 pluggability features. These features include web
+# fragments, annotations, SCIs and classes that match @HandlesTypes. The list
+# must be a comma separated list of JAR file names.
+org.apache.catalina.startup.ContextConfig.jarsToSkip=
+# Additional JARs (over and above the default JARs listed above) to skip when
+# scanning for TLDs. The list must be a comma separated list of JAR file names.
+org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
+
+#
# String cache configuration.
tomcat.util.buf.StringCache.byte.enabled=true
-#tomcat.util.buf.StringCache.char.enabled=true
-#tomcat.util.buf.StringCache.trainThreshold=500000
-#tomcat.util.buf.StringCache.cacheSize=5000
-<?xml version='1.0' encoding='utf-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
<!--
<Manager pathname="" />
-->
-
- <!-- Uncomment this to enable Comet connection tacking (provides events
- on session expiration as well as webapp lifecycle) -->
- <!--
- <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
- -->
</Context>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<jaspic-providers xmlns="http://tomcat.apache.org/xml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://tomcat.apache.org/xml jaspic-providers.xsd"
- version="1.0">
- <!-- No JASPIC providers configured by default -->
-</jaspic-providers>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<xs:schema xmlns="http://www.w3.org/2001/XMLSchema"
- targetNamespace="http://tomcat.apache.org/xml"
- xmlns:jaspic="http://tomcat.apache.org/xml"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- attributeFormDefault="unqualified"
- version="1.0">
- <xs:element name="jaspic-providers">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="provider" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="property" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="name" use="required" type="jaspic:propertyname" />
- <xs:attribute name="value" use="required" type="xs:string" />
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="className" use="required" type="xs:string" />
- <xs:attribute name="layer" use="required" type="xs:string" />
- <xs:attribute name="appContext" use="required" type="xs:string" />
- <xs:attribute name="description" type="xs:string" />
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="version" type="xs:string" />
- </xs:complexType>
- </xs:element>
- <xs:simpleType name="propertyname">
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- </xs:restriction>
- </xs:simpleType>
-</xs:schema>
\ No newline at end of file
# To see debug messages in TldLocationsCache, uncomment the following line:
#org.apache.jasper.compiler.TldLocationsCache.level = FINE
+
+# To see debug messages for HTTP/2 handling, uncomment the following line:
+#org.apache.coyote.http2.level = FINE
+
+# To see debug messages for WebSocket handling, uncomment the following line:
+#org.apache.tomcat.websocket.level = FINE
-<?xml version="1.0" encoding="ISO-8859-1"?>
+<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
<!-- attribute values, should the rules in JSP.1.6 -->
<!-- for the escaping of quote characters be -->
<!-- strictly applied? [true] -->
- <!-- The default can be changed with the -->
- <!-- org.apache.jasper.compiler.Parser. -->
- <!-- STRICT_QUOTE_ESCAPING system property. -->
<!-- -->
<!-- quoteAttributeEL When EL is used in an attribute value on a -->
<!-- JSP page should the rules for quoting of -->
./instance-config.sh
# Start mysql
-# su mysql -c /usr/bin/mysqld_safe &
-service mysql start
+su mysql -c /usr/bin/mysqld_safe &
# Perform one-time config
if [ ! -e init.log ]; then
Code Review / vfc / nfvo / driver / vnfm / svnfm.git / commitdiff