tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Sexton <gsex...@mhsoftware.com>
Subject Re: [VOTE] Release build 5.5.27
Date Wed, 03 Sep 2008 17:55:09 GMT


Rainer Jung wrote:
> As far as I understand the issue, the solution is to use the correct 
> security manager profile. In catalina.policy there is already a comment 
> how to do that (search for "per context logging").

I'm not doing per context logging and I don't want to. That's what I 
find terribly frustrating. Something I'm not trying to do is breaking my 
app.

I have 250+ virtual hosts per tomcat instance. It seems like a lot of 
overhead that I'm not interested in.

> 
> Even with Marks patch (or with his plus mine), there would still be the 
> problem of the container not able to read logging.properties from a 
> context without giving it permissions. 

Since I have no desire to do per-context logging, this doesn't bother me.

 > The only difference that the
> patch makes, is that it swallows the exception resp. logs it.
> 
> Can you shortly describe
> 
> - if adding the correct configuration to catalina.policy fixes your problem

How would I add the correct configuration to catalina.policy for 250 
virtual hosts/contexts into catalina.policy?

It seems to me that I would have to either make many entries or make one 
generic entry that over-assigns permissions.

Complicating matters, using the host manager, I deploy new virtual 
hosts/contexts on the fly while the servlet engine is running. Is there 
a mechanism for dynamically updating catalina.policy?

> 
> - why not having those lines breaks your application and this breakage 
> is not happening with the patch? Is it because the 
> AccessControlException is not caught?

Yes. The AccessControlException is not caught within Tomcat, and it 
terminates the execution of my servlet.


-- 
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL:   http://www.mhsoftware.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message