

Enabling Apache Tomcat Security Manager

If RiskMinder stops working on Apache Tomcat after the Java Security Manager is enabled, perform the following steps so that the Tomcat Security Manager works with Advanced Authentication applications:

  1. Add the security manager entries to the JAVA_OPTS environment variable, as follows:
    export CATALINA_OPTS="-Djava.security.manager -Djava.security.policy=<Tomcat_Home>/conf/catalina.policy"
    
  2. Navigate to the following Apache Tomcat location:
    <Tomcat_Home>/conf/
    
  3. Open the catalina.policy file in a text editor of your choice.
  4. Add the following code in the WEB APPLICATION PERMISSIONS section.
    // A grant block without a codeBase applies to all code loaded by Tomcat.
    grant {
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}arcotuds${file.separator}-", "read";
        permission java.util.PropertyPermission "adb.converterutil", "read";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.security.SecurityPermission "putProviderProperty.BC";
        permission java.security.SecurityPermission "insertProvider.BC";
        permission java.security.SecurityPermission "putProviderProperty.SHAProvider";
        permission java.io.FilePermission "${arcot.home}${file.separator}-", "read,write";
        permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
        permission java.net.SocketPermission "*:1-1023", "connect,resolve";
    };
    
  5. Add the following section to grant permission for Administration Console (arcotadmin) and User Data Service (arcotuds).
    // AllPermission gives the code base every permission, so the other
    // entries in the same block are redundant while it is present.
    grant codeBase "file:${catalina.home}/webapps/arcotuds/-" {
        permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
        permission java.lang.RuntimePermission "accessClassInPackage.org.bouncycastle.asn1.*";
        permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.home}/webapps/arcotadmin/-" {
        permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
        permission java.security.AllPermission;
    };
    
  6. Save and close the file.
  7. Restart Apache Tomcat.
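
To review the edited catalina.policy, the following added example (not part of the vendor documentation) lists each grant block with its scope, its permission count, and whether it contains java.security.AllPermission. The function names audit_policy and write_sample_policy are assumptions, and the embedded policy is a constructed sample shortened from steps 4 and 5.

```shell
# Added example (not vendor code): summarize each grant block in a Java
# policy file as "<codeBase or GLOBAL> <permission count> <ALL|scoped>".
audit_policy() {
    awk '
        /^[ \t]*\/\// { next }                    # skip // comment lines
        /^[ \t]*grant/ {
            in_grant = 1; perms = 0; all = 0
            scope = "GLOBAL"                      # no codeBase: applies to all code
            if (match($0, /codeBase[ \t]+"[^"]*"/)) {
                scope = substr($0, RSTART, RLENGTH)
                sub(/^codeBase[ \t]+"/, "", scope); sub(/"$/, "", scope)
            }
            next
        }
        in_grant && /^[ \t]*permission[ \t]/ {
            perms++
            if ($0 ~ /java\.security\.AllPermission/) all = 1
            next
        }
        in_grant && /^[ \t]*[}][ \t]*;/ {          # end of the grant block
            printf "%s %d %s\n", scope, perms, (all ? "ALL" : "scoped")
            in_grant = 0
        }
    ' "$1"
}

# Constructed sample: two of the grant blocks from steps 4 and 5, shortened.
write_sample_policy() {
    cat > "$1" <<'EOF'
grant {
    permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
    permission java.net.SocketPermission "*:1-1023", "connect,resolve";
};
grant codeBase "file:${catalina.home}/webapps/arcotuds/-" {
    permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
    permission java.security.AllPermission;
};
EOF
}

# Audit the file given as the first argument, or the constructed sample.
if [ -n "${1:-}" ]; then
    audit_policy "$1"
else
    sample=$(mktemp)
    write_sample_policy "$sample"
    audit_policy "$sample"
    rm -f "$sample"
fi
```

A line ending in ALL marks a code base that the Security Manager no longer restricts, and a GLOBAL line marks permissions that every web application on the Tomcat instance receives.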