# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
-package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
-
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,\
+org.apache.naming.resources.,org.apache.tomcat.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
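Review bot: The new `package.access` value restricts only `org.apache.naming.resources.`, while the `package.definition` value in the next hunk restricts the whole `org.apache.naming.` prefix, and nothing in the surrounding comments explains the difference. If the narrower access restriction is deliberate (presumably because web applications still need other `org.apache.naming` classes), a line above `package.access` should say so, for example `# org.apache.naming. is restricted for definition only; access is limited to org.apache.naming.resources.`. It is also worth confirming that no existing `accessClassInPackage.` grant in the security policy already covers the newly listed prefix, since such a grant would cancel the restriction for that code source.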
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
-package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
+org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
+#
#
# List of comma-separated paths defining the contents of the "common"
# classloader. Prefixes should be used to define what is the repository type.
# - Jasper JARs
# - Tomcat JARs
# - Common non-Tomcat JARs
+# - Test JARs (JUnit, Cobertura and dependencies)
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
-annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,\
+annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
+tools.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
-jstl.jar,\
+jstl.jar,taglibs-standard-spec-*.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
-jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
+jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
-junit.jar,junit-*.jar,ant-launcher.jar
+junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
+cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
+jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
+xom-*.jar
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for Servlet 3.0 pluggability features. These features include web
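Review bot: The entries added under "Test JARs" include broad file-name globs such as `jetty-*.jar`, `asm-*.jar`, `servlet-api-*.jar` and `dom4j-*.jar`, and the list gives no warning that a match suppresses scanning of that JAR wherever it is found. An application that ships a JAR whose name matches would presumably have any web fragments, initializers or TLDs inside it silently ignored, which can drop filters or constraints that the application relies on. I would add a comment above the property, such as `# Matching is by file name only: a JAR matching any pattern below is never scanned.`, and keep the test-only patterns as specific as the build allows. The narrowing of `log4j*.jar` to `log4j.jar,log4j-1*.jar` elsewhere in this hunk is the kind of precision the new entries should follow.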
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for TLDs. The list must be a comma separated list of JAR file names.
-org.apache.catalina.startup.TldConfig.jarsToSkip=
+org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
#
# String cache configuration.
<!-- globalXsltFile[null] -->
<!-- -->
<!-- globalXsltFile Site wide configuration version of -->
- <!-- localXsltFile This argument is expected -->
- <!-- to be a physical file. [null] -->
- <!-- -->
+ <!-- localXsltFile. This argument must either be an -->
+ <!-- absolute or relative (to either -->
+ <!-- $CATALINA_BASE/conf or $CATALINA_HOME/conf) -->
+ <!-- path that points to a location below either -->
+ <!-- $CATALINA_BASE/conf (checked first) or -->
+ <!-- $CATALINA_HOME/conf (checked second).[null] -->
<!-- -->
+ <!-- showServerInfo Should server information be presented in the -->
+ <!-- response sent to clients when directory -->
+ <!-- listings is enabled? [true] -->
<servlet>
<servlet-name>default</servlet-name>
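Review bot: `showServerInfo` is documented with a default of `[true]`, so directory listings disclose server information unless an operator turns it off, and the comment gives no guidance on when to do that. I would extend the description with a line such as `<!-- Set to false to avoid disclosing server details in listings. -->`. The rewritten `globalXsltFile` text states where the path must point but not what happens when it points elsewhere; stating the outcome (presumably the file is not used; confirm against the servlet code) would make a rejected configuration easier to diagnose.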
<!-- -->
<!-- cgiPathPrefix The CGI search path will start at -->
<!-- webAppRootDir + File.separator + this prefix. -->
- <!-- [WEB-INF/cgi] -->
+ <!-- If not set, then webAppRootDir is used. -->
+ <!-- Recommended value: WEB-INF/cgi -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
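Review bot: The corrected `cgiPathPrefix` text recommends `WEB-INF/cgi` without saying why, although the two preceding comment lines imply that an unset prefix makes the CGI search path start at the web application root. That consequence deserves an explicit statement, because it means files anywhere under the application root become candidates for CGI execution when the servlet is enabled. A line such as `<!-- Without a prefix, the CGI search covers the whole web application root. -->` placed before the recommendation would make the reason clear.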
<!-- ================== Built In Filter Definitions ===================== -->
+ <!-- A filter that sets various security related HTTP Response headers. -->
+ <!-- This filter supports the following initialization parameters -->
+ <!-- (default values are in square brackets): -->
+ <!-- -->
+ <!-- hstsEnabled Should the HTTP Strict Transport Security -->
+ <!-- (HSTS) header be added to the response? See -->
+ <!-- RFC 6797 for more information on HSTS. [true] -->
+ <!-- -->
+ <!-- hstsMaxAgeSeconds The max age value that should be used in the -->
+ <!-- HSTS header. Negative values will be treated -->
+ <!-- as zero. [0] -->
+ <!-- -->
+ <!-- hstsIncludeSubDomains -->
+ <!-- Should the includeSubDomains parameter be -->
+ <!-- included in the HSTS header. -->
+ <!-- -->
+ <!-- antiClickJackingEnabled -->
+ <!-- Should the anti click-jacking header -->
+ <!-- X-Frame-Options be added to every response? -->
+ <!-- [true] -->
+ <!-- -->
+ <!-- antiClickJackingOption -->
+ <!-- What value should be used for the header. Must -->
+ <!-- be one of DENY, SAMEORIGIN, ALLOW-FROM -->
+ <!-- (case-insensitive). [DENY] -->
+ <!-- -->
+ <!-- antiClickJackingUri IF ALLOW-FROM is used, what URI should be -->
+ <!-- allowed? [] -->
+ <!-- -->
+ <!-- blockContentTypeSniffingEnabled -->
+ <!-- Should the header that blocks content type -->
+ <!-- sniffing be added to every response? [true] -->
+<!--
+ <filter>
+ <filter-name>httpHeaderSecurity</filter-name>
+ <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+-->
+
<!-- A filter that sets character encoding that is used to decode -->
<!-- parameters in a POST request -->
<!--
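Review bot: The documented defaults pair `hstsEnabled` `[true]` with `hstsMaxAgeSeconds` `[0]`, and under RFC 6797 a max-age of zero tells the browser to stop treating the host as an HSTS host, so uncommenting the filter as shown does not enforce HTTPS on later visits. The `hstsMaxAgeSeconds` description should state this, for example `<!-- A value of 0 clears any stored HSTS policy; set a positive value to enforce HTTPS. -->`. `hstsIncludeSubDomains` is the only parameter listed without a bracketed default, and `ALLOW-FROM` is listed with no caveat although current browsers generally ignore it. The filter definition here and the mapping in the following hunk are commented out separately, so the comment should say that both must be enabled together.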
<!-- ==================== Built In Filter Mappings ====================== -->
+ <!-- The mapping for the HTTP header security Filter -->
+<!--
+ <filter-mapping>
+ <filter-name>httpHeaderSecurity</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+-->
+
<!-- The mapping for the Set Character Encoding Filter -->
<!--
<filter-mapping>