tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Barclay <Daniel.Barc...@digitalfocus.com>
Subject Re: Java security with Tomcat?
Date Wed, 11 Oct 2000 18:14:12 GMT
Rick Horowitz wrote:
> 
...
> When I traced into the java system code, I discovered that the
> ProtectionDomain for the jaas.jar file (which contains the
> javax.security.auth.Policy class) does not have the
> java.security.auth.AuthPermission "getPolicy" permission, even though I
> have the following grant entry in my policy file.
> 
> grant {
>         permission java.util.PropertyPermission "tomcat.sessionid.randomclass",
> "read";
>         permission java.security.auth.AuthPermission "getPolicy";
> };
> 
> Does anyone know if this *should* work, or is it not yet implemented or
> broken? 

I'm not sure about this, but you might want to check your codebase
specifications in the security policy file.  (Make sure that it
covers whichever directory holds your class or jar files.)




-- 
Daniel Barclay
Digital Focus
Daniel.Barclay@digitalfocus.com

Mime
View raw message