Chapter 5: Basic Tomcat Configuration

If you look at the catalina.policy file, you see that the first set of permissions grants code from the Java compiler directories all access to all resources (this is essentially the Java compiler and runtime system code):

    // These permissions apply to javac
    grant codeBase "file:${java.home}/lib/-" {
        permission java.security.AllPermission;
    };

    // These permissions apply to all shared system extensions
    grant codeBase "file:${java.home}/jre/lib/ext/-" {
        permission java.security.AllPermission;
    };

    // These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
    grant codeBase "file:${java.home}/../lib/-" {
        permission java.security.AllPermission;
    };

    // These permissions apply to all shared system extensions when
    // ${java.home} points at $JAVA_HOME/jre
    grant codeBase "file:${java.home}/lib/ext/-" {
        permission java.security.AllPermission;
    };

One clear message here is that you must protect these directories using your operating system file-protection features (that is, via file ownership and permission settings).
The next section grants Catalina server code, logging code, and API libraries access to all resources:

    // These permissions apply to the daemon code
    grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
        permission java.security.AllPermission;
    };

    // These permissions apply to the logging API
    grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
    };

    // These permissions apply to the server startup code
    grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
        permission java.security.AllPermission;
    };

    // These permissions apply to the servlet API classes
    // and those that are shared across all class loaders
    // located in the lib directory
    grant codeBase "file:${catalina.home}/lib/-" {
        permission java.security.AllPermission;
    };

Again, in a secure configuration, you must be careful to lock down the preceding directories, thus preventing an attacker from adding malicious code to them. Any class files introduced into these directories will automatically be granted access to all system resources.

The final set contains the permissions given to Web applications by default. They are significantly more restrictive (that is, they are never granted the all-powerful permission java.security.AllPermission).
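
The lock-down advice above can be checked mechanically. The following Python code is an added example, not part of the book or of Tomcat: it reads a policy text, collects every codeBase that receives java.security.AllPermission, and reports files or directories under it that group or other users can write to. The function names and the sample policy text are assumptions made for this illustration.

```python
import os
import re
import stat

# Constructed sample in the style of the grants quoted above (not a full catalina.policy).
SAMPLE_POLICY = '''
grant codeBase "file:${java.home}/lib/-" { permission java.security.AllPermission; };
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { permission java.security.AllPermission; };
grant codeBase "file:${catalina.home}/lib/-" { permission java.security.AllPermission; };
grant { permission java.util.PropertyPermission "java.version", "read"; };
'''

GRANT_RE = re.compile(r'grant\s+codeBase\s+"file:([^"]+)"\s*\{(.*?)\};', re.S)

def all_permission_paths(policy_text, props):
    """Return filesystem paths whose code receives java.security.AllPermission."""
    paths = []
    for code_base, body in GRANT_RE.findall(policy_text):
        if "java.security.AllPermission" not in body:
            continue
        for name, value in props.items():
            code_base = code_base.replace("${%s}" % name, value)
        # A trailing "/-" covers every file below the directory, recursively;
        # "/*" covers the JAR and class files directly inside it.
        if code_base.endswith(("/-", "/*")):
            code_base = code_base[:-2]
        paths.append(os.path.normpath(code_base))
    return paths

def writable_by_others(root):
    """Yield paths at or below root that group or other users may write to."""
    todo = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        todo += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in todo:
        mode = os.lstat(path).st_mode
        # Symbolic links always report mode 0777, so they are skipped here.
        if not stat.S_ISLNK(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
            yield path

def audit(policy_text, props):
    """Map each AllPermission code base to its loosely protected paths."""
    return {p: sorted(writable_by_others(p))
            for p in all_permission_paths(policy_text, props) if os.path.exists(p)}
```

To run it against a real installation, pass the contents of conf/catalina.policy and a props dictionary holding the actual java.home and catalina.home values; an empty list for a code base means no group-writable or world-writable entries were found under it.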