nicksieger/10jruby.policy Secret

## 10jruby.policy
// Required for JRuby-based webapps

grant {
    permission java.util.PropertyPermission "jruby.*", "read";
    permission java.util.PropertyPermission "jruby.*", "write";
    permission java.util.PropertyPermission "java.io.tmpdir", "read";
    permission java.util.PropertyPermission "*", "read";
    permission java.util.PropertyPermission "*", "write";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getenv.*";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    // Tested with Tomcat 6, some of these access checks may change in TC 7
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.coyote";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.connector";
};

## warble.rb
# Create a config/warble.rb or add the following code to your existing
# config.
#
# This workaround moves all jar extension files to WEB-INF/lib so that
# they live in the webapp classloader which has more liberal
# permissions for reading the filesystem.
#
# This logic should get pushed into a future version of Warbler.

Warbler::Config.new do |config|

  def config.update_archive(jar)
    super
    t = Tempfile.new(["empty", "jar"])
    path = t.path
    t.unlink
    Zip::ZipFile.open(path, Zip::ZipFile::CREATE) do |zipfile|
      zipfile.mkdir("META-INF")
      zipfile.get_output_stream("META-INF/MANIFEST.MF") {|f| f << ::Warbler::Jar::DEFAULT_MANIFEST }
    end
    jar.files.keys.select {|k| k =~ /^#{relative_gem_path}.*\.jar$/ }.each do |k|
      jar.files["WEB-INF/lib/#{k.sub(relative_gem_path,'')[1..-1].gsub(/[\/\\]/,'-')}"] = jar.files[k]
      jar.files[k] = path
    end
    at_exit { File.delete(path) }
  end

end
	// Required for JRuby-based webapps

	grant {
	permission java.util.PropertyPermission "jruby.*", "read";
	permission java.util.PropertyPermission "jruby.*", "write";
	permission java.util.PropertyPermission "java.io.tmpdir", "read";
	permission java.util.PropertyPermission "*", "read";
	permission java.util.PropertyPermission "*", "write";
	permission java.lang.RuntimePermission "getClassLoader";
	permission java.lang.RuntimePermission "getProtectionDomain";
	permission java.lang.RuntimePermission "createClassLoader";
	permission java.lang.RuntimePermission "getenv.*";
	permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
	// Tested with Tomcat 6, some of these access checks may change in TC 7
	permission java.lang.RuntimePermission "accessClassInPackage.org.apache.coyote";
	permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
	permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http";
	permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.connector";
	};
	# Create a config/warble.rb or add the following code to your existing
	# config.
	#
	# This workaround moves all jar extension files to WEB-INF/lib so that
	# they live in the webapp classloader which has more liberal
	# permissions for reading the filesystem.
	#
	# This logic should get pushed into a future version of Warbler.

	Warbler::Config.new do \|config\|

	def config.update_archive(jar)
	super
	t = Tempfile.new(["empty", "jar"])
	path = t.path
	t.unlink
	Zip::ZipFile.open(path, Zip::ZipFile::CREATE) do \|zipfile\|
	zipfile.mkdir("META-INF")
	zipfile.get_output_stream("META-INF/MANIFEST.MF") {\|f\| f << ::Warbler::Jar::DEFAULT_MANIFEST }
	end
	jar.files.keys.select {\|k\| k =~ /^#{relative_gem_path}.*\.jar$/ }.each do \|k\|
	jar.files["WEB-INF/lib/#{k.sub(relative_gem_path,'')[1..-1].gsub(/[\/\\]/,'-')}"] = jar.files[k]
	jar.files[k] = path
	end
	at_exit { File.delete(path) }
	end

	end