tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Horowitz <rhorow...@ni4u.com>
Subject Re: Java security with Tomcat?
Date Wed, 11 Oct 2000 19:17:35 GMT
Hi Dan,

Thanks for your reply, but I've already given up on using JAAS with
Tomcat for the time being. Don't want to spend any more time on it.  I
believe that my codebase in the security policy file does cover the
correct directory and/or jar files.  I plan to get back to this after
the release of jdk 1.4, which is supposed to contain the JAAS source
files.  I figure I have a better chance of figuring this out if I can
see why JAAS is actually rejecting this...

Rick Horowitz

Daniel Barclay wrote:
> 
> Rick Horowitz wrote:
> >
> ...
> > When I traced into the java system code, I discovered that the
> > ProtectionDomain for the jaas.jar file (which contains the
> > javax.security.auth.Policy class) does not have the
> > java.security.auth.AuthPermission "getPolicy" permission, even though I
> > have the following grant entry in my policy file.
> >
> > grant {
> >         permission java.util.PropertyPermission "tomcat.sessionid.randomclass",
> > "read";
> >         permission java.security.auth.AuthPermission "getPolicy";
> > };
> >
> > Does anyone know if this *should* work, or is it not yet implemented or
> > broken?
> 
> I'm not sure about this, but you might want to check your codebase
> specifications in the security policy file.  (Make sure that it
> covers whichever directory holds your class or jar files.)
> 
> --
> Daniel Barclay
> Digital Focus
> Daniel.Barclay@digitalfocus.com

Mime
View raw message