tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Custom Policy file
Date Thu, 03 Apr 2003 15:08:19 GMT


>I want to use JAAS for authorization in a web-application that runs
>I don't want to put my policy file neither in java_home/jre/security
>in user.home directories (because I think it's not correct). 

Unfortunately, I'm hearing other people with the same (valid) complaints
as you.

>to create my own implementation of, that parses my

True.  As the JavaDoc for suggests, it was always
intended for people to write custom Policy implementations for these

>But is core class and it is loaded by Primordial


>And if I replace default Policy by own implementation than all web
>applications will get my implementation of Policy when they invoke
>Am I right?

You're right.

>How can I populate my policy permissions in web environment?

Stick the policy file in $JAVA_HOME/jre/security is the easiest option.

One alternative is to find a container, if there is any, that supports
per-webapp policy files.  I'm not personally aware of any such

Another alternative is as you say, to write your own policy
implementation, run just your webapp on the server that uses this
implementation, and stick your implementation high up in the classloader

Yoav Shapira
Millennium ChemInformatics

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message