tomcat-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [VOTE] Release build 5.5.27
Date Wed, 03 Sep 2008 20:04:01 GMT
George Sexton wrote:
> I will try a wild-card permission and see what happens.

Thank you. One caveat: I tried to end the path with
"${file.separator}-", but that doesn't work. When using the trailing "-"
syntax, you really have to use a real file separator, not the variable :(

> Rainer Jung wrote:
>> George Sexton wrote:
>>> Rainer Jung wrote:
>>> I have 250+ virtual hosts per tomcat instance. It seems like a lot of
>>> overhead that I'm not interested in.
>>>
>>> How would I add the correct configuration to catalina.policy for 250
>>> virtual hosts/contexts into catalina.policy?
>>>
>>> It seems to me that I would have to either make many entries or make one
>>> generic entry that over-assigns permissions.
>>>
>>> Complicating matters, using the host manager, I deploy new virtual
>>> hosts/contexts on the fly while the servlet engine is running. Is there
>>> a mechanism for dynamically updating catalina.policy?
>>
>> How about adding something like
>>
>>    permission java.io.FilePermission
>>    "${catalina.base}${file.separator}webapps/-", "read";
>>
>> to the block starting with
>>
>>    grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar"
>>
>> The security manager should mainly protect you somehow against malicious
>> webapp code. So giving those permissions to tomcat-juli doesn't seem to
>> be too big a problem. You can even narrow that down to giving it only to
>> the class org.apache.juli.ClassLoaderLogManager.
>>
>> I don't know what the file system layout of the webapps for all your
>> vhosts looks like, but wouldn't something like this be a good compromise
>> for 5.5.27?
>>
>> Regards,
>>
>> Rainer
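
Added example (not part of the original message and not Tomcat code): a small Java program showing what a read grant ending in a separator plus "-" covers under java.io.FilePermission matching, compared with a "*" grant. It assumes all vhost webapps live below one webapps directory; the base directory /srv/tomcat and the vhost and file names are constructed.

```java
import java.io.File;
import java.io.FilePermission;

public class WebappsReadGrant {
    // Constructed stand-in for ${catalina.base}; not a path from the thread.
    static final String BASE = File.separator + "srv" + File.separator + "tomcat";

    static String path(String... parts) {
        return BASE + File.separator + String.join(File.separator, parts);
    }

    // Evaluates grant.implies(request) and fails loudly if it differs from 'expected'.
    static void check(String label, FilePermission grant, String file, String actions, boolean expected) {
        boolean actual = grant.implies(new FilePermission(file, actions));
        System.out.printf("%-36s %s%n", label, actual ? "allowed" : "denied");
        if (actual != expected) {
            throw new AssertionError(label + ": expected " + expected);
        }
    }

    public static void main(String[] args) {
        // Trailing "<separator>-" matches every file and directory below webapps, recursively.
        FilePermission recursive = new FilePermission(path("webapps", "-"), "read");
        // Trailing "<separator>*" matches only the direct children of webapps.
        FilePermission oneLevel = new FilePermission(path("webapps", "*"), "read");

        // Constructed sample targets.
        String nested = path("webapps", "vhost001", "ROOT", "WEB-INF", "classes", "logging.properties");
        String direct = path("webapps", "vhost001.war");
        String outside = path("conf", "server.xml");

        check("'-' grant, nested file, read", recursive, nested, "read", true);
        check("'-' grant, nested file, write", recursive, nested, "write", false);
        check("'-' grant, file outside webapps", recursive, outside, "read", false);
        check("'*' grant, direct child, read", oneLevel, direct, "read", true);
        check("'*' grant, nested file, read", oneLevel, nested, "read", false);
    }
}
```

Because matching is done on the path prefix, a context deployed later under the same webapps directory falls under the "-" grant without any change to catalina.policy.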
