More tomcat6 compatability changes.

CASA-auth-token/server-java/Svc/tomcat6/conf/catalina.policy

@@ -40,19 +40,26 @@ grant codeBase "file:${java.home}/lib/ext/-" {
 // ========== CATALINA CODE PERMISSIONS =======================================
 
 
-// These permissions apply to the launcher code
-grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
-        permission java.security.AllPermission;
-};
-
 // These permissions apply to the daemon code
 grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
         permission java.security.AllPermission;
 };
 
-// These permissions apply to the commons-logging API
+// These permissions apply to the logging API
-grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
-        permission java.security.AllPermission;
+        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+        permission java.lang.RuntimePermission "shutdownHooks";
+        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+        permission java.util.PropertyPermission "catalina.base", "read";
+        permission java.util.logging.LoggingPermission "control";
+        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
+        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+        permission java.lang.RuntimePermission "getClassLoader";
+        // To enable per context logging configuration, permit read access to the appropriate file.
+        // Be sure that the logging configuration is secure before enabling such access
+        // eg for the examples web application:
+        // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
 };
 
 // These permissions apply to the server startup code
@@ -60,23 +67,13 @@ grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
         permission java.security.AllPermission;
 };
 
-// These permissions apply to the JMX server
-grant codeBase "file:${catalina.home}/bin/jmx.jar" {
-        permission java.security.AllPermission;
-};
-
 // These permissions apply to the servlet API classes
 // and those that are shared across all class loaders
-// located in the "common" directory
+// located in the "lib" directory
-grant codeBase "file:${catalina.home}/common/-" {
+grant codeBase "file:${catalina.home}/lib/-" {
         permission java.security.AllPermission;
 };
 
-// These permissions apply to the container's core code, plus any additional
-// libraries installed in the "server" directory
-grant codeBase "file:${catalina.home}/server/-" {
-        permission java.security.AllPermission;
-};
 
 // ========== WEB APPLICATION PERMISSIONS =====================================
 
@@ -104,31 +101,33 @@ grant {
     permission java.util.PropertyPermission "java.vendor", "read";
     permission java.util.PropertyPermission "java.vendor.url", "read";
     permission java.util.PropertyPermission "java.class.version", "read";
-	permission java.util.PropertyPermission "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.version", "read";
-	permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
-	permission java.util.PropertyPermission "java.specification.name", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
 
-	permission java.util.PropertyPermission "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission "java.vm.specification.version", "read";
-	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
-	permission java.util.PropertyPermission "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.specification.name", "read";
-	permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
-	permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
-	permission java.util.PropertyPermission "java.vm.name", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
 
     // Required for OpenJMX
     permission java.lang.RuntimePermission "getAttribute";
 
-	// Allow read of JAXP compliant XML parser debug
+    // Allow read of JAXP compliant XML parser debug
-	permission java.util.PropertyPermission "jaxp.debug", "read";
+    permission java.util.PropertyPermission "jaxp.debug", "read";
 
     // Precompiled JSPs need access to this package.
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
     
+    // Precompiled JSPs need access to this system property.
+    permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+
 };
 
 
-// You can assign additional permissions to particular web applications by
 // adding additional "grant" entries here, based on the code base for that
 // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
 //