tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jun Inamori <>
Subject Re: how to specify Tomcat policy
Date Wed, 14 Mar 2001 14:40:58 GMT

> How do I specify that a specific policy file is to be taken into
> consideration while running applications(JSPs) on tomcat?

This kind of question should be posted to users-list, rather than this

During the "PolicyInterceptor.contextInit()", the instances Permission
are retrieved from Policy object by "getPermissions()". And the instance
of CodeSource is specified as the argument for
For each context, this instance of CodeSource is constructed with the
URL object pointing the docBase directory of that context.
So, to add the instances of Permission to each context, the codeBase for
that Permission must match the docBase for that context.
What does this mean?
To give the permissions for the Java library under some specific
context, we should specify the docBase directory for that context as the
Specifying "WEB-INF" directory as the codeBase will not work.

Only when the "codeBase" in the "tomcat.policy" matches the "docBase" in
the "server.xml", the permissions will be applied to that context.
For example, please append the following entities to your

grant codeBase "file:/export/home/foo/webapp/bar" {
  permission "/export/home/foo/webapp/-", "read,
write, delete, execute";

And "/export/home/foo/webapp/bar" is the "docBase" directory specified
in "server.xml".


Happy Java programming!

Jun Inamori

To unsubscribe, e-mail:
For additional commands, email:

View raw message