- First of all download the latest Tomcat and axis2.war.
- Read Tomcat Security Manager HOW-TO
- Setup Tomcat and deploy axis2.war.
- Edit
<TOMCAT install dir>/conf/catalina.policy file and add the next:
grant {
permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/-", "read";
permission java.lang.RuntimePermission "getClassLoader";
}
grant codeBase "file:${catalina.home}/webapps/axis2/-" {
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "checkPropertiesAccess";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.deploy";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.util.PropertyPermission "*", "read,write";
permission java.net.SocketPermission "localhost:8080", "resolve, connect";
permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/modules/*", "read,write";
permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/services/*", "read,write";
permission java.io.FilePermission "${catalina.home}/common/classes", "read";
permission java.io.FilePermission "${catalina.home}/shared/classes", "read";
permission java.io.FilePermission "${catalina.base}/common/classes", "read";
permission java.io.FilePermission "${catalina.base}/shared/classes", "read";
permission java.io.FilePermission "${catalina.home}/common/i18n/*", "read";
permission java.io.FilePermission "${catalina.home}/common/lib/*", "read";
permission java.io.FilePermission "${catalina.home}/lib", "read";
permission java.io.FilePermission "${catalina.home}/lib/*", "read";
permission java.io.FilePermission "${catalina.home}/bin/*", "read";
permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/scriptServices/*", "read";
permission java.io.FilePermission "${java.home}/lib/ext/*", "read";
permission java.io.FilePermission "${catalina.base}/webapps/axis2/WEB-INF/web.xml", "read";
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read, write, delete";
permission java.io.FilePermission "${java.io.tmpdir}", "read, write, delete";
};
- Start Tomcat with SecurityManager:
$CATALINA_HOME/bin/catalina.sh start -security (Unix)
%CATALINA_HOME%\bin\catalina start -security (Windows)
- Verify axis2 "HappyAxis" page as follows: http://localhost:8080/axis2/axis2-web/HappyAxis.jsp
NOTE: other application servers can and have different security policy file options/permissions.
