jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bastian Bowe <BaB...@gmx.de>
Subject Re: NullPointerException with Tomcat Howto
Date Mon, 14 Jul 2003 11:08:08 GMT
Ok, I was playing around with the policy files. Now I've got some
improved (alternative) versions to add to my 04webapps.policy.

very restrictive but hard to manage:
==================================================
grant codeBase "file:${catalina.home}/webapps/cactusTest/WEB-INF/lib/junit-3.7.jar" {
	permission java.util.PropertyPermission "user.home", "read";
	permission java.util.PropertyPermission "cactus.*", "read";
	permission java.io.FilePermission "${catalina.home}/junit.properties", "read";
	permission java.net.SocketPermission "localhost:8082", "connect, resolve";
};

grant codeBase "file:${catalina.home}/webapps/cactusTest/WEB-INF/lib/cactus-1.4.1.jar" {
	permission java.util.PropertyPermission "cactus.*", "write";
//may be more restrictive?
	permission java.util.PropertyPermission "*", "read";
	permission java.io.FilePermission "${catalina.home}/junit.properties", "read";
	permission java.net.SocketPermission "localhost:8082", "connect, resolve";
};

grant codeBase "file:${catalina.home}/webapps/cactusTest/WEB-INF/lib/commons-logging-1.0.jar"
{
//may be more restrictive?
	permission java.util.PropertyPermission "*", "read";
};

grant codeBase "file:${catalina.home}/webapps/cactusTest/WEB-INF/lib/commons-httpclient-2.0alpha1-20020606.jar"
{
	permission java.net.SocketPermission "localhost:8082", "connect, resolve";
};
==================================================

less restrictive but easier to manage:
==================================================
grant codeBase "file:${catalina.home}/webapps/cactusTest/WEB-INF/lib/-" {
	permission java.util.PropertyPermission "cactus.*", "write";
//may be more restrictive?
	permission java.util.PropertyPermission "*", "read";
	permission java.io.FilePermission "${catalina.home}/junit.properties", "read";
	permission java.net.SocketPermission "localhost:8082", "connect, resolve";
};
==================================================

to use log4j add:
==================================================
//for log4j
	permission java.lang.RuntimePermission "getClassLoader";
//log4j.appender.cactus.File:
	permission java.io.FilePermission "/tmp/cactus_client.log", "write, read";
==================================================

Maybe that helps someone. If you've got good knowledge in .policy
files and have got a better solution, let us know.
-- 
Bastian Bowe
Sent using Debian GNU/Linux - http://www.debian.org

Mime
View raw message