File tomcat-7.0-sle.catalina.policy.patch of Package tomcat.7194
--- a/conf/catalina.policy.orig 2017-10-23 15:18:18.702535744 +0200
+++ b/conf/catalina.policy 2017-10-23 15:51:39.207494630 +0200
@@ -95,6 +95,7 @@
// ${file.separator}classes${file.separator}logging.properties", "read";
};
+
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
@@ -107,7 +108,6 @@
permission java.security.AllPermission;
};
-
// If using a per instance lib directory, i.e. ${catalina.base}/lib,
// then the following permission will need to be uncommented
// grant codeBase "file:${catalina.base}/lib/-" {
@@ -162,6 +162,9 @@
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
// Precompiled JSPs need access to these packages.
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission
@@ -231,6 +234,15 @@
};
+// Additional basic permissions for web applications.
+grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:/usr/share/java/tomcat-el-api.jar" {
+ permission java.security.AllPermission;
+};
+
// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
@@ -262,4 +274,3 @@
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
-
