Do you want Application A have write/read access to properties files of Application B ? what about if both application were made by diferents providers ?
Another example ... Do you wana application A have read/write access to $GERONIMO_HOME/var/config or security files ?
 
Bye.

Vamsavardhana Reddy <c1vamsi1c@gmail.com> escribió:
When does one require to run the server under a Security Manager?

Thanks,
Vamsi

On 2/11/06, Matt Hogstrom <matt@hogstrom.org> wrote:
Cristian,

No apologies.  This is good feedback as I think we can use as much
administrative feedback as possible.

Cristian Roldan wrote:
> Hi All,
>           I  enabled the Security Manager with these parameters "-Djava.security.manager -Djava.security.policy=geronimo.policy",
> everything works ok, but the only problem that  I saw was with the Application identification (number) , if you deploy
> an application, Generimo creates a directory config-store/[NUMBER], you must use this number in the policy file, after a while
> you undeploy and deploy a new version of that application in this case you obtain a new number, so you must change the policy file.
> I think that using a [number] as a deployment directory is not the best solution from the administration perspective.
> I'm sorry I just give an opinion from the administration point of view maybe there is a design/performace reason that I can't see.
>
>
>   // --------------------------------------------------------------------------------------
> // Permissions for Geronimo V.1.0
> // --------------------------------------------------------------------------------------
>   // Geronimo gets all permissions
> grant codeBase "file:${org.apache.geronimo.base.dir}/lib/-" {
>   permission java.security.AllPermission;
> };
>   grant codeBase "file:${org.apache.geronimo.base.dir}/repository/-" {
>   permission java.security.AllPermission;
> };
>   //----------------------------------------------------------------------
> // From here I set the minimun permissions for my Applications
> // You must change "23" for you Application number, this number is created
> // during deployment phase.
> //----------------------------------------------------------------------
>   grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/23/-" {
>   permission java.lang.RuntimePermission "accessClassInPackage.*";
> };
>   // ---------------------------------------------------------------------
>   grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/1/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/2/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/3/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/4/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/5/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/6/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/7/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/8/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/9/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/10/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/11/-" {
>   permission java.security.AllPermission;
> };< BR>> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/12/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/13/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/14/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/15/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/16/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/17/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/18/ -" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/19/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/20/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/21/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/22/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/24/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/25/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/26/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/27/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/28/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/29/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/30/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/31/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/32/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/33/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/34/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/35/-" {
>   permission java.security.AllPermission;
> };
>
>
>
>
> ---------------------------------
>  1GB gratis, Antivirus y Antispam
>  Correo Yahoo!, el mejor correo web del mundo
>  Abrí tu cuenta aquí


__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡grati s!
¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar