tomcat-dev mailing list archives

Subject Re: [next] What's next ?
Date Mon, 06 Oct 2003 01:50:44 GMT
Glenn Nielsen wrote:

> Remy Maucherat wrote:
>> Glenn Nielsen wrote:
>>> I proposed a while ago to implement a custom java policy for the
>>> SecurityManager which uses XML for configuring permissions for
>>> the Java SecurityManager.  There were a number of features which
>>> made configuring a strict security policy easier.  You can look
>>> back through the archives for the initial proposal and discussion.
>> It's an open discussion :)
>> However, I'd say this is an uphill battle. I think Costin argued the
>> same earlier, and the "standard" policy file remained consistent, and
>> now added JMX security rather (which is an important feature since we're
>> now JMX based). So well, I don't know ...
>> Remy
> From what I recall of the discussion, the issue was not with adding
> this as a feature, but with how it was implemented using Castor.

Castor was clearly a big problem, but not the only one :-)

My big concern was about inventing yet-another application-specific DTD.
If you want to support an XML format that is in use by 1-2 other
applications - great. If you can discuss this issue with any other project
and come to an agreement - again, I'm ok. But if this is an XML that only
tomcat uses - I would rather stick with the standard policy format.

IMO parsing and generating a policy file is a bit more difficult than
parsing/generating XML - but not by much, and it's just some code.
Documenting and supporting an XML DTD - and getting people to understand
and use it is far more difficult. Almost anyone who uses security policies
knows the standard format. To force a new syntax on the user just because
XML is a bit easier to parse is not a good idea IMO.

> For those who have to maintain strict java security policies the current
> policy file format of granting permissions is a pain to use.  The XML
> based policy feature I designed is much easier to use.

I disagree - if you mean that XML makes it somehow easier to use because of
the <>. It is usually easier to use what you know or can learn from others.

If you mean the extra flexibility you proposed - like ability to define a
policy file per app, etc - I agree, but that's unrelated to XML.


> Regards,
> Glenn
> ----------------------------------------------------------------------
> Glenn Nielsen    | /* Spelin donut madder    |
> MOREnet System Programming               |  * if iz ina coment.      |
> Missouri Research and Education Network  |  */                       |
> ----------------------------------------------------------------------
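
An added example, not part of the original message or of Tomcat's code: a small Python reader for the standard policy file syntax discussed above, showing the amount of code the non-XML format needs and a basic review pass over the result. The sample policy, the function names and the two audit rules are assumptions made for this illustration.

```python
import re

# Constructed sample in the standard policy syntax (not taken from the thread).
SAMPLE = '''
// constructed example
grant codeBase "file:///opt/tomcat/bin/-" { permission java.security.AllPermission; };
grant signedBy "ops", codeBase "file:${catalina.base}/webapps/app1/-" {
    permission java.io.FilePermission "${catalina.base}/logs/-", "read,write";
};
grant { /* no codeBase */ permission java.lang.RuntimePermission "accessClassInPackage.sun.*"; };
'''
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|[{};,]|[^\s{};,"]+', re.S)

def tokenize(text):
    """Quoted strings match first, so '//' or '{' inside a value is not misread."""
    return [t for t in TOKEN.findall(text) if not t.startswith(('//', '/*'))]

def split(stmt):
    """Return ({keyword: value} for codeBase/signedBy, [other quoted values])."""
    pairs = [(p.lower(), t[1:-1]) for p, t in zip([''] + stmt, stmt) if t.startswith('"')]
    keyed = {p: v for p, v in pairs if p in ('codebase', 'signedby')}
    return keyed, [v for p, v in pairs if p not in keyed]

def parse_policy(text):
    grants, grant, stmt = [], None, []
    for tok in tokenize(text):
        if grant is None:                       # outside a grant entry
            if tok.lower() == 'grant':
                grant, stmt = {'codebase': None, 'signedby': None, 'permissions': []}, []
        elif tok == '{':                        # header complete
            grant.update(split(stmt)[0])
            stmt = []
        elif tok == ';':                        # one permission statement complete
            if len(stmt) >= 2:
                grant['permissions'].append((stmt[1], *split(stmt)[1]))
            stmt = []
        elif tok == '}':
            grants.append(grant)
            grant = None
        else:
            stmt.append(tok)
    return grants

def audit(grants):
    """List AllPermission grants and permissions granted without a codeBase."""
    return [f"{g['codebase'] or 'ANY CODEBASE'}: {p[0]}" for g in grants
            for p in g['permissions']
            if p[0] == 'java.security.AllPermission' or g['codebase'] is None]
```

`audit(parse_policy(SAMPLE))` reports the `AllPermission` grant and the grant that has no `codeBase`; principal clauses and keystore entries are skipped rather than interpreted.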
