tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@mail.more.net>
Subject Re: Problem with SecurityManager and jmx
Date Wed, 11 Jun 2003 02:56:42 GMT
Sergio Juan wrote:
> Hi.
> 
> I'm currently working in a complex web application. In a stage of development, we wanted
to control access to files
> from the users, and we got all the logic in a SecurityManager of its own. As we were
not very familiar with all the
> capacities of the Security Manager, we chose for the following procedure: - Let Tomcat
start normally - In our app
> start, we get the current SecurityManager if any and create one of ours (setting it as
the System SecurityManager).
> 

A web application should not be creating or modifying the SecurityManager.  The SecurityManager
is global
to the entire JVM.

> Our SecurityManager implements the methods related to the java.io.* classes (checkRead,
etc.). If any other method is
> called, we implement it just calling the older SecurityManager (if there was any).
> 

There shouldn't be any need for you to write a custom SecurityManager.  Instead you should
implement your own custom
Permission class, then use a custom FileIO class that does the appropriate permission checks.

Regards,

Glenn


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message