tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benedicte Luet <>
Subject tomcat and java.policy file
Date Fri, 12 May 2000 13:34:25 GMT

I am trying to find some information / help on using a security manager with
tomcat and jsp. I am trying to figure out how to setup the java.policy file
to allow my application to run properly with tomcat and I am having several
problems. I apologize if some of this seems trivial, I am new to java and

Here is what I am trying to accomplish: An argument passed to my jsp is a
directory. I want to allow only a certain directory structure to be accessed
(for obvious security reasons). I don't want to put that directory in my
code, as I don't want to have to re-compile if I move it. The java.policy
file seemed the best place to do this.

1. I am trying to allow all classes under /java to have read access on the
/documentation directory. Here is the code I use:
grant "file:/java/-" {
    permission "ip.address", "accept,resolve";
    permission "/documentation", "read";
    permission "/documentation/-", "read";
However, the file permissions do not seem to work. The socket permission does
work. The only way I was able to make it work, was to put the 2
FilePermission lines in the general grant section.

2. Still with the file permissions. To allow tomcat to access the classes
under /java, I had to add the permission on /java to the general grant
section. I tried to restrict it to where tomcat is, but it did not work.

3. I also had to allow the RuntimePermission setContextClassLoader in the
general section. I was getting an error for my /java context. Not for the
default ones under $TOMCAT_HOME/webapps. Could anyone explain what the
setContextClassLoader permission does?

I would appreciate any help you can provide.


View raw message