tomcat-dev mailing list archives

From Vladimir Grishchenko <VGrishche...@SERENA.com>
Subject webapp classloader ProtectionDomain (running secured tomcat)
Date Mon, 09 Jul 2001 15:26:34 GMT
Hi there,
I've posted the message below to tomcat-user but it didn't get much
attention. Is any work being done to address this?

Thanks,
--V.

------------------------------------------------
Hi all,

It seems that webapp classloader puts all classes loaded from
a webapp directory into the same ProtectionDomain regardless
of the location where the class was loaded from (like classes
dir or a jar file). It means that any security grant entry granting
permissions to a webapp codesource effectively grants the same set
of permissions to each and every class in web application. This
is probably fine in most cases but leaves no possibility to fine
tune security within web-application. My particular problem is
that I'm trying to use JAAS to enable access control with custom
JAAS policy implementation. CodeSource partitioning that Sun
suggests requires that the code sensitive to user-based
operations should be put into separate ProtectionDomain for JAAS
mechanisms to work. The only way to do this with Tomcat is to put
classes someplace out of webapp directory, so they don't inherit
any permissions assigned to webapp ProtectionDomain. I think that
webapp class loader should put classes loaded from class directory
and every jar file into different protection domains, like class
loaders that load classes from the system classpath in Java.

Well, if all that makes any sense to you, maybe there's something
I'm missing here?
Just wanted to get other people's opinions...

--Vlad.
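
The partitioning discussed in the message above, as an added example that is not part of the original post and is not Tomcat's code: a loader that defines two classes once under a single webapp-wide CodeSource and once under the location each class came from, then checks which classes a jar-only policy grant would match. `DomainPerLocationDemo`, `DemoLoader`, and the `file:/opt/tomcat/webapps/app/` paths are hypothetical names chosen for the demonstration.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

public class DomainPerLocationDemo {
    public static class Servlet {}   // stands in for a class under WEB-INF/classes
    public static class Sensitive {} // stands in for a class inside WEB-INF/lib/secure.jar

    // Hypothetical loader: defines a copy of `template` under the CodeSource the caller picks.
    static class DemoLoader extends SecureClassLoader {
        Class<?> define(Class<?> template, URL location) throws Exception {
            String res = template.getName().replace('.', '/') + ".class";
            try (InputStream in = template.getClassLoader().getResourceAsStream(res)) {
                byte[] b = in.readAllBytes();
                // SecureClassLoader maps each distinct CodeSource to one ProtectionDomain.
                return defineClass(template.getName(), b, 0, b.length,
                        new CodeSource(location, (Certificate[]) null));
            }
        }
    }

    static CodeSource cs(Class<?> c) { return c.getProtectionDomain().getCodeSource(); }

    public static void main(String[] args) throws Exception {
        // Constructed paths; the webapp location is an assumption for this demo.
        String app = "file:/opt/tomcat/webapps/app/";
        URL root = URI.create(app).toURL();
        URL classes = URI.create(app + "WEB-INF/classes/").toURL();
        URL jar = URI.create(app + "WEB-INF/lib/secure.jar").toURL();
        // Behaviour described in the message: one CodeSource for the whole webapp.
        DemoLoader one = new DemoLoader();
        Class<?> s1 = one.define(Servlet.class, root), x1 = one.define(Sensitive.class, root);
        // Behaviour proposed in the message: CodeSource is the real load location.
        DemoLoader split = new DemoLoader();
        Class<?> s2 = split.define(Servlet.class, classes), x2 = split.define(Sensitive.class, jar);
        System.out.println("shared domain, single: " + (s1.getProtectionDomain() == x1.getProtectionDomain()));
        System.out.println("shared domain, split:  " + (s2.getProtectionDomain() == x2.getProtectionDomain()));

        // A policy entry "grant codeBase <jar>" matches a class when its CodeSource is implied.
        CodeSource jarGrant = new CodeSource(jar, (Certificate[]) null);
        System.out.println("jar-only grant reaches Sensitive (single): " + jarGrant.implies(cs(x1)));
        System.out.println("jar-only grant reaches Sensitive (split):  " + jarGrant.implies(cs(x2)));
        System.out.println("jar-only grant reaches Servlet   (split):  " + jarGrant.implies(cs(s2)));
    }
}
```

Compile with `javac` and run from the class output directory; `readAllBytes` requires Java 9 or later.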

