Sunday, April 17, 2011

Axis2 and Tomcat work together with SecurityManager

  1. Download the latest Tomcat and axis2.war.
  2. Read the Tomcat Security Manager HOW-TO.
  3. Set up Tomcat and deploy axis2.war.
  4. Edit the <TOMCAT install dir>/conf/catalina.policy file and add the following:

    // No codeBase: these two permissions apply to all code running in the JVM.
    grant {
        permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/-", "read";
        permission java.lang.RuntimePermission "getClassLoader";
    };

    // Permissions for code loaded from the axis2 web application.
    // The codeBase uses ${catalina.home}; it matches the deployed application
    // only when catalina.home and catalina.base are the same directory.
    grant codeBase "file:${catalina.home}/webapps/axis2/-" {
        permission java.lang.RuntimePermission "createClassLoader";
        permission java.lang.RuntimePermission "setContextClassLoader";
        permission java.lang.RuntimePermission "checkPropertiesAccess";
        permission java.lang.RuntimePermission "getClassLoader";
        permission java.lang.RuntimePermission "getProtectionDomain";
        permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime";
        permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.deploy";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.util.PropertyPermission "*", "read,write";
        permission java.net.SocketPermission "localhost:8080", "resolve, connect";
        permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/modules/*", "read,write";
        permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/services/*", "read,write";
        permission java.io.FilePermission "${catalina.home}/common/classes", "read";
        permission java.io.FilePermission "${catalina.home}/shared/classes", "read";
        permission java.io.FilePermission "${catalina.base}/common/classes", "read";
        permission java.io.FilePermission "${catalina.base}/shared/classes", "read";
        permission java.io.FilePermission "${catalina.home}/common/i18n/*", "read";
        permission java.io.FilePermission "${catalina.home}/common/lib/*", "read";
        permission java.io.FilePermission "${catalina.home}/lib", "read";
        permission java.io.FilePermission "${catalina.home}/lib/*", "read";
        permission java.io.FilePermission "${catalina.home}/bin/*", "read";
        permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/scriptServices/*", "read";
        permission java.io.FilePermission "${java.home}/lib/ext/*", "read";
        permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/web.xml", "read";
        permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read, write, delete";
        permission java.io.FilePermission "${java.io.tmpdir}", "read, write, delete";
    };

  5. Start Tomcat with the SecurityManager enabled:

    $CATALINA_HOME/bin/catalina.sh start -security    (Unix)
    %CATALINA_HOME%\bin\catalina start -security      (Windows)

  6. Verify the axis2 "HappyAxis" page: http://localhost:8080/axis2/axis2-web/HappyAxis.jsp
NOTE: other application servers can, and do, have different security policy file options and permissions.
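
Before loading a policy like the one added to catalina.policy above, it is worth checking which grants are broader than the web application needs. The Python example below is added here and is not part of the original post or of Tomcat or Axis2; it parses a trimmed, constructed copy of the two grant entries and flags permissions granted without a codeBase, write access to all system properties, recursive write/delete file access, and class loader creation. The function names and the rule set are assumptions chosen for illustration.

```python
import re

# Added example: constructed, trimmed copy of the grants above; all names here are illustrative.
SAMPLE_POLICY = r'''
grant {
    permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/-", "read";
    permission java.lang.RuntimePermission "getClassLoader";
};
grant codeBase "file:${catalina.home}/webapps/axis2/-" {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "${catalina.home}/lib/*", "read";
    permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read, write, delete";
};
'''

GRANT_RE = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_policy(text):
    """Return [(codeBase or None, [(class, target, {actions}), ...]), ...]."""
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)  # drop whole-line comments
    grants = []
    for code_base, body in GRANT_RE.findall(text):
        perms = [(cls, target, {a.strip() for a in acts.split(',') if a.strip()})
                 for cls, target, acts in PERM_RE.findall(body)]
        grants.append((code_base or None, perms))
    return grants

def audit(grants):
    """Flag entries broader than one web application usually needs."""
    findings = []
    for code_base, perms in grants:
        for cls, target, actions in perms:
            name = cls.rsplit('.', 1)[-1]
            if code_base is None:
                findings.append((name, target, "no codeBase: granted to all code"))
            if name == "PropertyPermission" and target == "*" and "write" in actions:
                findings.append((name, target, "write access to every system property"))
            if (name == "FilePermission" and target.endswith(("/-", "${/}-"))
                    and actions & {"write", "delete"}):
                findings.append((name, target, "recursive write/delete"))
            if name == "RuntimePermission" and target == "createClassLoader":
                findings.append((name, target, "may create class loaders"))
    return findings

if __name__ == "__main__":
    for name, target, why in audit(parse_policy(SAMPLE_POLICY)):
        print(f"{name:20} {target:45} {why}")
```

To review a real file, pass the contents of conf/catalina.policy to parse_policy() instead of the sample string.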
