tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@voyager.apg.more.net>
Subject Re: Using SecurityManager to set JSP execution security policy
Date Sun, 30 Apr 2000 04:23:32 GMT
Both below and in the Tomcat README, JDK1.1 compatability is mentioned.

The JDK1.2 SecurityManager is a great deal more flexible and extensible
than JDK1.1.

You mention below using a java.policy file, wasn't that introduced in JDK1.2?

I would prefer implementing a JDK1.2 SecurityManager.  But how can this
fit in with JDK1.1 compatability?   

Will the SecurityManager only be available when Tomcat is used with 1.2?
Is that what you meant below when referring to using two different jar
files for Tomcat?  The first jar contains Tomcat w/o Security, the second
when installed adds and/or overwrites classes that implement security?

By TomcatPermissions you mean Tomcat objects that are currently private,
but administrative servlets could if granted permission by the SecurityManager
gain access to reading/setting private variables or calling internal Tomcat
methods?

Just trying to think through the design issues for a Tomcat SecurityManager.

Glenn

Costin Manolache wrote:
> 
> Great !
> 
> Right now there are 2 missing pieces:
> - adding code to the ClassLoader to report the code source. Probably you'll
> have to extend AdaptiveClassLoader and add the right method - in order
> to leave Adaptive compatible with  JDK1.1
> 
> - write a sample java.policy and document it.  As a bonus you can add a
> simple generator ( like apache.conf generator) that will create a "default"
> policy. ( super-super bonus - web based interface to add/remove rules,
> but I'm dreaming :-)
> 
> It isn't very hard - but it will take some time. Let me know if I can help.
> 
> One very interesting addition is to add TomcatPermission - that will allow
> apps to access tomcat internal objects, but we need a lot of work on the
> code to close the doors. Another very important experiment will be to
> separate tomcat build in 2 separate jar files - one containing code that
> require the special permissions ( the network adapter ) and one with the
> rest of the code.
> 
> You need to give read permission for each webapps to it's own directory,
> write permission to it's temp dir - and nothing else.  If the webapp
> is accessing a database - probably the admin will have to allow this.
> 
> It will be fun!
> 
> Costin
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

-- 
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

Mime
View raw message