Skip to content

Commit f94afe5

Browse files
mercyblitzmercyblitz
committed
commit lesson 5
1 parent 2815ee9 commit f94afe5

33 files changed

+5808
-0
lines changed

spring-boot/lesson-5/6月30日小马哥.png

573 KB
Loading

spring-boot/lesson-5/Servers/.project

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<projectDescription>
3+
<name>Servers</name>
4+
<comment></comment>
5+
<projects>
6+
</projects>
7+
<buildSpec>
8+
</buildSpec>
9+
<natures>
10+
</natures>
11+
</projectDescription>

spring-boot/lesson-5/Servers/.settings/org.eclipse.wst.server.core.prefs

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
#Fri Jun 30 21:03:59 CST 2017
2+
org.eclipse.wst.server.core.isServerProject=true
3+
eclipse.preferences.version=1

spring-boot/lesson-5/Servers/Tomcat v8.5 Server at localhost-config/catalina.policy

Lines changed: 278 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,278 @@
1+
// Licensed to the Apache Software Foundation (ASF) under one or more
2+
// contributor license agreements. See the NOTICE file distributed with
3+
// this work for additional information regarding copyright ownership.
4+
// The ASF licenses this file to You under the Apache License, Version 2.0
5+
// (the "License"); you may not use this file except in compliance with
6+
// the License. You may obtain a copy of the License at
7+
//
8+
// http://www.apache.org/licenses/LICENSE-2.0
9+
//
10+
// Unless required by applicable law or agreed to in writing, software
11+
// distributed under the License is distributed on an "AS IS" BASIS,
12+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
// See the License for the specific language governing permissions and
14+
// limitations under the License.
15+
16+
// ============================================================================
17+
// catalina.policy - Security Policy Permissions for Tomcat
18+
//
19+
// This file contains a default set of security policies to be enforced (by the
20+
// JVM) when Catalina is executed with the "-security" option. In addition
21+
// to the permissions granted here, the following additional permissions are
22+
// granted to each web application:
23+
//
24+
// * Read access to the web application's document root directory
25+
// * Read, write and delete access to the web application's working directory
26+
// ============================================================================
27+
28+
29+
// ========== SYSTEM CODE PERMISSIONS =========================================
30+
31+
32+
// These permissions apply to javac
33+
grant codeBase "file:${java.home}/lib/-" {
34+
permission java.security.AllPermission;
35+
};
36+
37+
// These permissions apply to all shared system extensions
38+
grant codeBase "file:${java.home}/jre/lib/ext/-" {
39+
permission java.security.AllPermission;
40+
};
41+
42+
// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
43+
grant codeBase "file:${java.home}/../lib/-" {
44+
permission java.security.AllPermission;
45+
};
46+
47+
// These permissions apply to all shared system extensions when
48+
// ${java.home} points at $JAVA_HOME/jre
49+
grant codeBase "file:${java.home}/lib/ext/-" {
50+
permission java.security.AllPermission;
51+
};
52+
53+
54+
// ========== CATALINA CODE PERMISSIONS =======================================
55+
56+
57+
// These permissions apply to the daemon code
58+
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
59+
permission java.security.AllPermission;
60+
};
61+
62+
// These permissions apply to the logging API
63+
// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
64+
// update this section accordingly.
65+
// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
66+
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
67+
permission java.io.FilePermission
68+
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
69+
70+
permission java.io.FilePermission
71+
"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
72+
permission java.io.FilePermission
73+
"${catalina.base}${file.separator}logs", "read, write";
74+
permission java.io.FilePermission
75+
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
76+
77+
permission java.lang.RuntimePermission "shutdownHooks";
78+
permission java.lang.RuntimePermission "getClassLoader";
79+
permission java.lang.RuntimePermission "setContextClassLoader";
80+
81+
permission java.lang.management.ManagementPermission "monitor";
82+
83+
permission java.util.logging.LoggingPermission "control";
84+
85+
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
86+
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
87+
permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read";
88+
permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
89+
permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
90+
permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
91+
permission java.util.PropertyPermission "catalina.base", "read";
92+
93+
// Note: To enable per context logging configuration, permit read access to
94+
// the appropriate file. Be sure that the logging configuration is
95+
// secure before enabling such access.
96+
// E.g. for the examples web application (uncomment and unwrap
97+
// the following to be on a single line):
98+
// permission java.io.FilePermission "${catalina.base}${file.separator}
99+
// webapps${file.separator}examples${file.separator}WEB-INF
100+
// ${file.separator}classes${file.separator}logging.properties", "read";
101+
};
102+
103+
// These permissions apply to the server startup code
104+
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
105+
permission java.security.AllPermission;
106+
};
107+
108+
// These permissions apply to the servlet API classes
109+
// and those that are shared across all class loaders
110+
// located in the "lib" directory
111+
grant codeBase "file:${catalina.home}/lib/-" {
112+
permission java.security.AllPermission;
113+
};
114+
115+
116+
// If using a per instance lib directory, i.e. ${catalina.base}/lib,
117+
// then the following permission will need to be uncommented
118+
// grant codeBase "file:${catalina.base}/lib/-" {
119+
// permission java.security.AllPermission;
120+
// };
121+
122+
123+
// ========== WEB APPLICATION PERMISSIONS =====================================
124+
125+
126+
// These permissions are granted by default to all web applications
127+
// In addition, a web application will be given a read FilePermission
128+
// for all files and directories in its document root.
129+
grant {
130+
// Required for JNDI lookup of named JDBC DataSource's and
131+
// javamail named MimePart DataSource used to send mail
132+
permission java.util.PropertyPermission "java.home", "read";
133+
permission java.util.PropertyPermission "java.naming.*", "read";
134+
permission java.util.PropertyPermission "javax.sql.*", "read";
135+
136+
// OS Specific properties to allow read access
137+
permission java.util.PropertyPermission "os.name", "read";
138+
permission java.util.PropertyPermission "os.version", "read";
139+
permission java.util.PropertyPermission "os.arch", "read";
140+
permission java.util.PropertyPermission "file.separator", "read";
141+
permission java.util.PropertyPermission "path.separator", "read";
142+
permission java.util.PropertyPermission "line.separator", "read";
143+
144+
// JVM properties to allow read access
145+
permission java.util.PropertyPermission "java.version", "read";
146+
permission java.util.PropertyPermission "java.vendor", "read";
147+
permission java.util.PropertyPermission "java.vendor.url", "read";
148+
permission java.util.PropertyPermission "java.class.version", "read";
149+
permission java.util.PropertyPermission "java.specification.version", "read";
150+
permission java.util.PropertyPermission "java.specification.vendor", "read";
151+
permission java.util.PropertyPermission "java.specification.name", "read";
152+
153+
permission java.util.PropertyPermission "java.vm.specification.version", "read";
154+
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
155+
permission java.util.PropertyPermission "java.vm.specification.name", "read";
156+
permission java.util.PropertyPermission "java.vm.version", "read";
157+
permission java.util.PropertyPermission "java.vm.vendor", "read";
158+
permission java.util.PropertyPermission "java.vm.name", "read";
159+
160+
// Required for OpenJMX
161+
permission java.lang.RuntimePermission "getAttribute";
162+
163+
// Allow read of JAXP compliant XML parser debug
164+
permission java.util.PropertyPermission "jaxp.debug", "read";
165+
166+
// All JSPs need to be able to read this package
167+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
168+
169+
// Precompiled JSPs need access to these packages.
170+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
171+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
172+
permission java.lang.RuntimePermission
173+
"accessClassInPackage.org.apache.jasper.runtime.*";
174+
175+
// Precompiled JSPs need access to these system properties.
176+
permission java.util.PropertyPermission
177+
"org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
178+
permission java.util.PropertyPermission
179+
"org.apache.el.parser.COERCE_TO_ZERO", "read";
180+
181+
// The cookie code needs these.
182+
permission java.util.PropertyPermission
183+
"org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
184+
permission java.util.PropertyPermission
185+
"org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
186+
permission java.util.PropertyPermission
187+
"org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";
188+
189+
// Applications using WebSocket need to be able to access these packages
190+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
191+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
192+
193+
// Applications need to access these packages to use the Servlet 4.0 Preview
194+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlet4preview";
195+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlet4preview.http";
196+
};
197+
198+
199+
// The Manager application needs access to the following packages to support the
200+
// session display functionality. It also requires the custom Tomcat
201+
// DeployXmlPermission to enable the use of META-INF/context.xml
202+
// These settings support the following configurations:
203+
// - default CATALINA_HOME == CATALINA_BASE
204+
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
205+
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
206+
grant codeBase "file:${catalina.base}/webapps/manager/-" {
207+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
208+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
209+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
210+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
211+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
212+
permission org.apache.catalina.security.DeployXmlPermission "manager";
213+
};
214+
grant codeBase "file:${catalina.home}/webapps/manager/-" {
215+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
216+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
217+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
218+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
219+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
220+
permission org.apache.catalina.security.DeployXmlPermission "manager";
221+
};
222+
223+
// The Host Manager application needs the custom Tomcat DeployXmlPermission to
224+
// enable the use of META-INF/context.xml
225+
// These settings support the following configurations:
226+
// - default CATALINA_HOME == CATALINA_BASE
227+
// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
228+
// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
229+
grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
230+
permission org.apache.catalina.security.DeployXmlPermission "host-manager";
231+
};
232+
grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
233+
permission org.apache.catalina.security.DeployXmlPermission "host-manager";
234+
};
235+
236+
237+
// You can assign additional permissions to particular web applications by
238+
// adding additional "grant" entries here, based on the code base for that
239+
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
240+
//
241+
// Different permissions can be granted to JSP pages, classes loaded from
242+
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
243+
// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
244+
//
245+
// For instance, assume that the standard "examples" application
246+
// included a JDBC driver that needed to establish a network connection to the
247+
// corresponding database and used the scrape taglib to get the weather from
248+
// the NOAA web server. You might create a "grant" entries like this:
249+
//
250+
// The permissions granted to the context root directory apply to JSP pages.
251+
// grant codeBase "file:${catalina.base}/webapps/examples/-" {
252+
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
253+
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
254+
// };
255+
//
256+
// The permissions granted to the context WEB-INF/classes directory
257+
// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
258+
// };
259+
//
260+
// The permission granted to your JDBC driver
261+
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
262+
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
263+
// };
264+
// The permission granted to the scrape taglib
265+
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
266+
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
267+
// };
268+
269+
// To grant permissions for web applications using packed WAR files, use the
270+
// Tomcat specific WAR url scheme.
271+
//
272+
// The permissions granted to the entire web application
273+
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
274+
// };
275+
//
276+
// The permissions granted to a specific JAR
277+
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
278+
// };

0 commit comments

Comments
 (0)