Class SecurityListener
java.lang.Object
org.apache.catalina.security.SecurityListener
All Implemented Interfaces: LifecycleListener
This listener must only be nested within Server elements.
-
Constructor Summary
Constructors
SecurityListener()
    Creates a new SecurityListener instance with "root" as the default prohibited OS user.
-
Method Summary
Modifier and Type, Method, Description
protected void checkOsUser()
    Checks that the current operating system user is not in the list of prohibited users.
protected void checkServerBuildAge()
    Checks if the Tomcat build date exceeds the configured warning age threshold.
protected void checkUmask()
    Checks that the operating system umask meets the minimum required value.
protected void doChecks()
    Execute the security checks.
int getBuildDateWarningAgeDays()
    Gets the number of days that may pass after the build date of this Tomcat instance before warnings are printed.
String getCheckedOsUsers()
    Returns the current list of operating system users not permitted to run Tomcat.
String getMinimumUmask()
    Get the minimum umask that must be configured before Tomcat will start.
void lifecycleEvent(LifecycleEvent event)
    Acknowledge the occurrence of the specified event.
void setBuildDateWarningAgeDays(String ageDays)
    Sets the number of days that may pass after the build date of this Tomcat instance before warnings are printed.
void setCheckedOsUsers(String userNameList)
    Set the list of operating system users not permitted to run Tomcat.
void setMinimumUmask(String umask)
    Set the minimum umask that must be configured before Tomcat will start.
-
Constructor Details
-
SecurityListener
public SecurityListener()
Creates a new SecurityListener instance with "root" as the default prohibited OS user.
-
-
Method Details
-
lifecycleEvent
Description copied from interface: LifecycleListener
Acknowledge the occurrence of the specified event.
Specified by:
lifecycleEvent in interface LifecycleListener
Parameters:
event - LifecycleEvent that has occurred
-
setCheckedOsUsers
Set the list of operating system users not permitted to run Tomcat. By default, only root is prevented from running Tomcat. Calling this method with null or the empty string clears the list of users and effectively disables this check. Usernames are always checked in a case-insensitive manner using the system default Locale.
Parameters:
userNameList - A comma separated list of operating system users not permitted to run Tomcat
-
getCheckedOsUsers
Returns the current list of operating system users not permitted to run Tomcat.
Returns:
A comma separated list of operating system usernames.
-
setMinimumUmask
Set the minimum umask that must be configured before Tomcat will start.
Parameters:
umask - The 4-digit umask as returned by the OS command umask
-
getMinimumUmask
Get the minimum umask that must be configured before Tomcat will start.
Returns:
The 4-digit umask as used by the OS command umask
-
setBuildDateWarningAgeDays
Sets the number of days that may pass after the build date of this Tomcat instance before warnings are printed.
Parameters:
ageDays - The number of days a Tomcat build is allowed to age before logging warnings.
-
getBuildDateWarningAgeDays
public int getBuildDateWarningAgeDays()
Gets the number of days that may pass after the build date of this Tomcat instance before warnings are printed.
Returns:
The number of days a Tomcat build is allowed to age before logging warnings.
-
doChecks
protected void doChecks()
Execute the security checks. Each check should be in a separate method.
-
checkOsUser
protected void checkOsUser()
Checks that the current operating system user is not in the list of prohibited users. Throws an Error if the user is prohibited.
-
checkUmask
protected void checkUmask()
Checks that the operating system umask meets the minimum required value. Skips the check on Windows. Throws an Error if the umask is insufficient.
-
checkServerBuildAge
protected void checkServerBuildAge()
Checks if the Tomcat build date exceeds the configured warning age threshold. Logs a warning if the build is too old or if the build date cannot be read.
-
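The following sketch is an added example, not code from Tomcat or from this page, showing the semantics that setCheckedOsUsers, checkOsUser and checkUmask describe: a comma separated, case-insensitive user list that is cleared by null or the empty string, and a 4-digit octal umask compared against a minimum. The class name, method names and sample values are hypothetical, and treating the minimum umask as a bit mask rather than a numeric threshold is an assumption.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration, not Tomcat source. Class and method names are hypothetical.
public class StartupCheckSketch {

    // null or "" clears the list, which disables the user check.
    // Trimming whitespace around names is a choice made in this sketch.
    static Set<String> parseUsers(String userNameList) {
        if (userNameList == null || userNameList.isEmpty()) {
            return Set.of();
        }
        return Arrays.stream(userNameList.split(","))
                .map(String::trim)
                .filter(name -> !name.isEmpty())
                .map(name -> name.toLowerCase(Locale.getDefault()))
                .collect(Collectors.toSet());
    }

    // Case-insensitive match using the system default Locale.
    static boolean isProhibited(Set<String> prohibited, String osUser) {
        return osUser != null && prohibited.contains(osUser.toLowerCase(Locale.getDefault()));
    }

    // Assumption: the minimum is a bit mask, so every permission bit masked by
    // the minimum must also be masked by the actual umask (not a numeric >=).
    static boolean umaskMeetsMinimum(String actual, String minimum) {
        int actualBits = Integer.parseInt(actual, 8);   // umask strings are octal
        int minimumBits = Integer.parseInt(minimum, 8);
        return (actualBits & minimumBits) == minimumBits;
    }

    public static void main(String[] args) {
        Set<String> prohibited = parseUsers("root, Admin");            // constructed list
        for (String user : new String[] {"ROOT", "admin", "tomcat"}) { // constructed names
            System.out.println(user + " prohibited: " + isProhibited(prohibited, user));
        }
        // Constructed umask values checked against a constructed minimum of 0007.
        for (String umask : new String[] {"0007", "0027", "0077", "0022", "0070"}) {
            System.out.println(umask + " meets 0007: " + umaskMeetsMinimum(umask, "0007"));
        }
    }
}
```

Under the bit-mask assumption, 0070 is numerically larger than 0007 but still fails, because it leaves the "other" permission bits unmasked.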