CA RiskMinder Windows Installation Guide › Configuring Application Server for Database Connection Pooling › Enabling Apache Tomcat Security Manager

Enabling Apache Tomcat Security Manager

If you notice that RiskMinder does not work on Apache Tomcat if the Java Security Manager is enabled, then to enable Tomcat Security Manager to work with RiskMinder:

1. Navigate to the following Apache Tomcat installation location:

   <Tomcat_Home>\bin\
   

2. Double-click the tomcat<version>w.exe file.

   The Apache Tomcat Properties dialog box appears.

3. Activate the Java tab.
4. In the Java Options section, add the following entries:
   • -Djava.security.manager
   • -Djava.security.policy=<Tomcat_Home>\conf\catalina.policy
5. Click Apply to save the changes.
6. Click OK to close the Apache Tomcat Properties dialog box.
7. Navigate to the following Apache Tomcat location:

   <Tomcat_Home>\conf\
   

8. Open the catalina.policy file in a text editor of your choice.
9. Add the following code in the WEB APPLICATION PERMISSIONS section.

   grant {
   permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}arcotuds${file.separator}-", "read";
   permission java.util.PropertyPermission "adb.converterutil", "read";
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.security.SecurityPermission "putProviderProperty.BC"; 
   permission java.security.SecurityPermission "insertProvider.BC";  
   permission java.security.SecurityPermission "putProviderProperty.SHAProvider";
   permission java.io.FilePermission "${arcot.home}${file.separator}-", "read,write";        
   permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
   permission java.net.SocketPermission "*:1-1023", "connect,resolve";
   };
   

10. Add the following section to grant permission for Administration Console (arcotadmin) and User Data Service (arcotuds).

    grant codeBase "file:${catalina.home}/webapps/arcotuds/-" {
    permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
    permission java.lang.RuntimePermission "accessClassInPackage.org.bouncycastle.asn1.*";
    permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.home}/webapps/arcotadmin/-" {
    permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
    permission java.security.AllPermission;
    };
    

11. Save and close the file.
12. Restart Apache Tomcat.