/* -------------------------------------------------------------- */
/* Copy this file to your {CATALINA_HOME}/conf/ directory. Modify */
/* at least 'codebase' and 'java.io.FilePermission' parameters to */
/* fit your setup.                                                */
/* Start Tomcat with options 'start -security' for this policy to */
/* take effect.                                                   */
/* -------------------------------------------------------------- */


/* ========= Rebuild-specific policy entries start here ========= */

grant codeBase "file://@webapp.dir@/WEB-INF/-" {

	/* IMPORTANT: On Windows systems, replace '/' and '\' with '\\' in */
	/*            all java.io.FilePermission entries.                  */

  /* Grant permission to userdata directory */
  permission java.io.FilePermission "@userdata.tmp.dir@/-", "read, write, delete";
  permission java.io.FilePermission "@userdata.dir@/-", "read, write, delete";
  permission java.io.FilePermission "@userdata.dir@", "read";
  /* Grant permission to log directoriy */
  permission java.io.FilePermission "@log.dir@", "read";
  permission java.io.FilePermission "@log.dir@/-", "read, write, delete";

  /* Grant socket permission to AJP13 connector */
  permission java.net.SocketPermission "8009", "accept, connect, listen, resolve";

  /* misc permissions needed by framework */
  permission java.io.FilePermission "syslog", "read, write";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.util.PropertyPermission "*", "read, write";
  permission java.lang.RuntimePermission "setFactory";
  permission java.lang.RuntimePermission "accessClassInPackage.*";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "defineClassInPackage.org.apache.catalina.*";  
};


/* ======= Standard catalina.policy entries below this line ====== */

grant codeBase "file:${java.home}/lib/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/jre/lib/ext/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/../lib/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/lib/ext/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/common/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/server/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/shared/lib/jasper-compiler.jar" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/shared/lib/jasper-runtime.jar" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/server/webapps/admin/WEB-INF/classes/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar" {
  permission java.security.AllPermission;
};

grant {
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.naming.*", "read";
  permission java.util.PropertyPermission "javax.sql.*", "read";
  permission java.util.PropertyPermission "os.name", "read";
  permission java.util.PropertyPermission "os.version", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.util.PropertyPermission "file.separator", "read";
  permission java.util.PropertyPermission "path.separator", "read";
  permission java.util.PropertyPermission "line.separator", "read";
  permission java.util.PropertyPermission "java.version", "read";
  permission java.util.PropertyPermission "java.vendor", "read";
  permission java.util.PropertyPermission "java.vendor.url", "read";
  permission java.util.PropertyPermission "java.class.version", "read";
  permission java.util.PropertyPermission "java.specification.version", "read";
  permission java.util.PropertyPermission "java.specification.vendor", "read";
  permission java.util.PropertyPermission "java.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.specification.version", "read";
  permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
  permission java.util.PropertyPermission "java.vm.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.version", "read";
  permission java.util.PropertyPermission "java.vm.vendor", "read";
  permission java.util.PropertyPermission "java.vm.name", "read";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.beans";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.*";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util.*";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
  permission java.lang.RuntimePermission "getAttribute";
  permission java.util.PropertyPermission "jaxp.debug", "read";
};