excalibur-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leif Mortenson <leifli...@tanukisoftware.com>
Subject Re: Fortress. BCEL and Security Managers
Date Fri, 10 Sep 2004 16:04:19 GMT
Berin Loritsch wrote:

>BTW, what resources did you use to dig up on the Java security model?
>It would be beneficial if we had some links.
>  
>
I wish I had some links as well.  I figured it out by first realizing 
that the compiled JSP pages
in Jetty were somehow being assigned privileges when their source 
directories were listed
in the policy file.

After lots of digging around the java docs, I noticed a 
getProtectionDomain method in the
Class class.

To figure it out, I added code like the following in the JSP page:
<%
Class clazz = this.getClass();
System.out.println( clazz.getProtectionDomain() );
System.out.println( clazz.getProtectionDomain().getCodeSource() );
System.out.println( clazz.getProtectionDomain().getPermissions() );
%>
That printed out lots of useful information that I had not seen 
before.   Once I figured out
that these were the classes involved.  I started checking out and then 
searching through
the code bases of Tomcat, Jetty, etc.. to try and figure out how they 
were used.

Long story short, it took time and patience.   If you have any questions 
though, I think
I have a fairly good grasp on how it all works now though.

Cheers,
Leif


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@excalibur.apache.org
For additional commands, e-mail: dev-help@excalibur.apache.org
Apache Excalibur Project -- URL: http://excalibur.apache.org/


Mime
View raw message