152 lines
7.6 KiB
Properties
152 lines
7.6 KiB
Properties
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
#
|
|
# List of comma-separated packages that start with or equal this string
|
|
# will cause a security exception to be thrown when
|
|
# passed to checkPackageAccess unless the
|
|
# corresponding RuntimePermission ("accessClassInPackage."+package) has
|
|
# been granted.
|
|
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.
|
|
#
|
|
# List of comma-separated packages that start with or equal this string
|
|
# will cause a security exception to be thrown when
|
|
# passed to checkPackageDefinition unless the
|
|
# corresponding RuntimePermission ("defineClassInPackage."+package) has
|
|
# been granted.
|
|
#
|
|
# by default, no packages are restricted for definition, and none of
|
|
# the class loaders supplied with the JDK call checkPackageDefinition.
|
|
#
|
|
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
|
|
org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
|
|
|
|
#
|
|
#
|
|
# List of comma-separated paths defining the contents of the "common"
|
|
# classloader. Prefixes should be used to define what is the repository type.
|
|
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
|
|
# If left as blank,the JVM system loader will be used as Catalina's "common"
|
|
# loader.
|
|
# Examples:
|
|
# "foo": Add this folder as a class repository
|
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
|
# repositories
|
|
# "foo/bar.jar": Add bar.jar as a class repository
|
|
#
|
|
# Note: Values are enclosed in double quotes ("...") in case either the
|
|
# ${catalina.base} path or the ${catalina.home} path contains a comma.
|
|
# Because double quotes are used for quoting, the double quote character
|
|
# may not appear in a path.
|
|
common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.base}/common/classes","${catalina.base}/common/*.jar","${catalina.home}/common/classes","${catalina.home}/common/*.jar"
|
|
|
|
#
|
|
# List of comma-separated paths defining the contents of the "server"
|
|
# classloader. Prefixes should be used to define what is the repository type.
|
|
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
|
|
# If left as blank, the "common" loader will be used as Catalina's "server"
|
|
# loader.
|
|
# Examples:
|
|
# "foo": Add this folder as a class repository
|
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
|
# repositories
|
|
# "foo/bar.jar": Add bar.jar as a class repository
|
|
#
|
|
# Note: Values may be enclosed in double quotes ("...") in case either the
|
|
# ${catalina.base} path or the ${catalina.home} path contains a comma.
|
|
# Because double quotes are used for quoting, the double quote character
|
|
# may not appear in a path.
|
|
server.loader="${catalina.base}/server/classes","${catalina.base}/server/*.jar","${catalina.home}/server/classes","${catalina.home}/server/*.jar"
|
|
|
|
#
|
|
# List of comma-separated paths defining the contents of the "shared"
|
|
# classloader. Prefixes should be used to define what is the repository type.
|
|
# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
|
|
# the "common" loader will be used as Catalina's "shared" loader.
|
|
# Examples:
|
|
# "foo": Add this folder as a class repository
|
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
|
# repositories
|
|
# "foo/bar.jar": Add bar.jar as a class repository
|
|
# Please note that for single jars, e.g. bar.jar, you need the URL form
|
|
# starting with file:.
|
|
#
|
|
# Note: Values may be enclosed in double quotes ("...") in case either the
|
|
# ${catalina.base} path or the ${catalina.home} path contains a comma.
|
|
# Because double quotes are used for quoting, the double quote character
|
|
# may not appear in a path.
|
|
shared.loader="${catalina.base}/shared/classes","${catalina.base}/shared/*.jar","${catalina.home}/shared/classes","${catalina.home}/shared/*.jar"
|
|
|
|
# Default list of JAR files that should not be scanned using the JarScanner
|
|
# functionality. This is typically used to scan JARs for configuration
|
|
# information. JARs that do not contain such information may be excluded from
|
|
# the scan to speed up the scanning process. This is the default list. JARs on
|
|
# this list are excluded from all scans. The list must be a comma separated list
|
|
# of JAR file names.
|
|
# The list of JARs to skip may be over-ridden at a Context level for individual
|
|
# scan types by configuring a JarScanner with a nested JarScanFilter.
|
|
# The JARs listed below include:
|
|
# - Tomcat Bootstrap JARs
|
|
# - Tomcat API JARs
|
|
# - Catalina JARs
|
|
# - Jasper JARs
|
|
# - Tomcat JARs
|
|
# - Common non-Tomcat JARs
|
|
# - Test JARs (JUnit, Cobertura and dependencies)
|
|
tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\
|
|
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
|
|
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
|
|
jaspic-api.jar,\
|
|
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\
|
|
catalina-tribes.jar,\
|
|
jasper.jar,jasper-el.jar,ecj-*.jar,\
|
|
tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\
|
|
tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\
|
|
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
|
|
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
|
|
tomcat-jdbc.jar,\
|
|
tools.jar,\
|
|
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
|
|
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
|
|
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
|
|
commons-math*.jar,commons-pool*.jar,\
|
|
jstl.jar,taglibs-standard-spec-*.jar,\
|
|
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
|
|
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
|
|
jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
|
|
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
|
|
junit.jar,junit-*.jar,hamcrest-*.jar,easymock-*.jar,cglib-*.jar,\
|
|
objenesis-*.jar,ant-launcher.jar,\
|
|
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
|
|
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
|
|
xom-*.jar
|
|
|
|
# Default list of JAR files that should be scanned that overrides the default
|
|
# jarsToSkip list above. This is typically used to include a specific JAR that
|
|
# has been excluded by a broad file name pattern in the jarsToSkip list.
|
|
# The list of JARs to scan may be over-ridden at a Context level for individual
|
|
# scan types by configuring a JarScanner with a nested JarScanFilter.
|
|
tomcat.util.scan.StandardJarScanFilter.jarsToScan=\
|
|
log4j-web*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar
|
|
|
|
# String cache configuration.
|
|
tomcat.util.buf.StringCache.byte.enabled=true
|
|
#tomcat.util.buf.StringCache.char.enabled=true
|
|
#tomcat.util.buf.StringCache.trainThreshold=500000
|
|
#tomcat.util.buf.StringCache.cacheSize=5000
|
|
|
|
# Allow for changes to HTTP request validation
|
|
# WARNING: Using this option will expose the server to CVE-2016-6816
|
|
#tomcat.util.http.parser.HttpParser.requestTargetAllow=|
|