Enabling Apache Tomcat Security Manager

Perform the following steps to enable Tomcat Security Manager:

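  1. Add the security manager entries to the JVM options that Tomcat reads at startup. The command below sets them in the CATALINA_OPTS environment variable (catalina.sh also honors JAVA_OPTS):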
    export CATALINA_OPTS="-Djava.security.manager -Djava.security.policy=<Tomcat_Home>/conf/catalina.policy"
    
  2. Navigate to the following Apache Tomcat installation location:
    <Tomcat_Home>/conf/
    
  3. Open the catalina.policy file in a text editor.
  4. Add the following code in the WEB APPLICATION PERMISSIONS section:
    grant {
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}arcotuds${file.separator}-", "read";
        permission java.util.PropertyPermission "adb.converterutil", "read";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.security.SecurityPermission "putProviderProperty.BC";
        permission java.security.SecurityPermission "insertProvider.BC";
        permission java.security.SecurityPermission "putProviderProperty.SHAProvider";
        permission java.io.FilePermission "${arcot.home}${file.separator}-", "read,write";
        permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
        permission java.net.SocketPermission "*:1-1023", "connect,resolve";
    };
    
  5. Add the following section to grant permissions for the Administration Console (arcotadmin) and the User Data Service (arcotuds):
    grant codeBase "file:${catalina.home}/webapps/arcotuds/-" {
        permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
        permission java.lang.RuntimePermission "accessClassInPackage.org.bouncycastle.asn1.*";
        permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.home}/webapps/arcotadmin/-" {
        permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
        permission java.security.AllPermission;
    };
    
  6. Save and close the file.
  7. Restart Apache Tomcat.
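
To review what the edited catalina.policy hands out before restarting Tomcat, the following added example (not part of the original procedure and not CA or Tomcat tooling) lists the broad entries per grant block. The function names and the ALLPERM/ANYHOST/FILEWRITE labels are invented for this example, and the sample input is a subset of the entries from steps 4 and 5.

```shell
#!/bin/sh
# Added example (not CA or Tomcat tooling): flag broad entries in a policy file.
# Assumes each "grant ... {" header sits on one line, as in the steps above.

audit_policy() {   # $1 = path to a catalina.policy-style file
    awk '
    /^[ \t]*\/\// { next }                        # skip // comment lines
    /^[ \t]*grant/ {
        scope = "ALL-CODE"                        # grant without codeBase
        if (match($0, /codeBase[ \t]+"[^"]+"/)) {
            scope = substr($0, RSTART, RLENGTH)
            sub(/^codeBase[ \t]+"/, "", scope); sub(/"$/, "", scope)
        }
        in_grant = 1; next
    }
    in_grant && /^[ \t]*[}];/ { in_grant = 0; next }
    in_grant && /^[ \t]*permission[ \t]/ {
        perm = $0
        sub(/^[ \t]*permission[ \t]+/, "", perm); sub(/[ \t]*;[ \t]*$/, "", perm)
        flag = ""
        if (perm ~ /java\.security\.AllPermission/)          flag = "ALLPERM"
        else if (perm ~ /SocketPermission "[*]/)             flag = "ANYHOST"
        else if (perm ~ /FilePermission/ && perm ~ /write/)  flag = "FILEWRITE"
        if (flag != "") printf "%s\t%s\t%s\n", flag, scope, perm
    }' "$1"
}

write_sample_policy() {   # $1 = output path; entries taken from steps 4 and 5
    cat > "$1" <<'EOF'
grant {
permission java.util.PropertyPermission "adb.converterutil", "read";
permission java.io.FilePermission "${arcot.home}${file.separator}-", "read,write";
permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
permission java.net.SocketPermission "*:1-1023", "connect,resolve";
};
grant codeBase "file:${catalina.home}/webapps/arcotuds/-" {
permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
permission java.security.AllPermission;
};
EOF
}

sample=$(mktemp)
write_sample_policy "$sample"
audit_policy "$sample"
rm -f "$sample"
```

Each output row is flag, scope, permission, separated by tabs. A row scoped ALL-CODE applies to every web application in the container, and java.security.AllPermission already implies every other permission listed in the same grant block.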