avalon-phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <pe...@apache.org>
Subject Re: Security policy
Date Wed, 25 Sep 2002 22:37:26 GMT

On Thu, 26 Sep 2002 08:23, Mauro Talevi wrote:
> 1. security policy is set in <policy> element in environment.xml,
> and - as stated in docs - if not set then it is equivalent to
> AllPermissions.


> Is that regardless of the $JAVA_HOME/jre/lib/security and
> ~/.java.policy?

The security permissions for the JVM are only used for the common classes (ie 
$PHOENIX_HOME/lib/*.jar) and the container classes ($PHOENIX_HOME/bin/lib)

However we actually specify the security policy as the one stored in the 
phoenix-launcher.jar. Have a look in that for the Kernel/common classes 
policy file.

However note. That because of the way Java security policys work the 
permissions of an application can never exceed the permissions assigned to 
the kernel as the permissions checked against are effectively an intersection 
of the two sets. That make sense?

> 2. being set in environment.xml one can assume that the settings are
> per-application and that one can set two completely independent
> policies for two apps running simultaneously in phoenix container.

Correct. However if Apps share classes (ie some of the classes are loaded out 
of $PHOENIX_HOME/lib) then the policies for these will be according to the 

> BTW, do separate apps run in separate JVMs?



Peter Donald
The two secrets to success:
   1- Don't tell anyone everything.

To unsubscribe, e-mail:   <mailto:avalon-phoenix-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:avalon-phoenix-dev-help@jakarta.apache.org>

View raw message