40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
--- conf/catalina.policy.orig 2021-06-08 09:27:09.295927384 -0400
|
|
+++ conf/catalina.policy 2021-06-08 09:26:32.056019150 -0400
|
|
@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
+// This permission is required when using javac to compile JSPs on Java 9
|
|
+// onwards
|
|
+grant codeBase "jrt:/jdk.compiler" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+
|
|
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
|
+
|
|
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
|
+// Specifying the individual jars that tomcat needs to function with the security manager
|
|
+// is the safest way forward.
|
|
+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+grant codeBase "file:/usr/share/java/ant.jar" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+grant codeBase "file:/usr/share/java/ant-launcher.jar" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
|
|
+ permission java.security.AllPermission;
|
|
+};
|
|
+
|
|
|
|
// ========== CATALINA CODE PERMISSIONS =======================================
|
|
|