9.1 Starting Tomcat with Security Manager

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Configure applications to run in a sandbox using the Security Manager. The Security Manager restricts what classes Tomcat can access thus protecting your server from mistakes, Trojans, and malicious code.

Rationale:

By running Tomcat with the Security Manager, applications are run in a sandbox which can prevent untrusted code from accessing files on the file system.

Solution

The security policies implemented by the Java SecurityManager are configured in the $CATALINA_HOME/conf/catalina.policy file. Once you have configured the catalina.policy file for use with a SecurityManager, Tomcat can be started with a SecurityManager in place by using the -security option:
On Unix:

$ $CATALINA_HOME/bin/catalina.sh start -security

On Windows:

C:> %CATALINA_HOME%bincatalina start -security

Default Value:

By default the -security option is not utilized.

See Also

https://workbench.cisecurity.org/files/4103