tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "alla winter" <alla1.win...@gmail.com>
Subject Security restrictions for Tomcat
Date Tue, 25 Sep 2007 21:51:52 GMT
Hello,
My application can crate report on a fly ( a file) for an authorized
clients.   The client authentication is conducted by the application  and
Tomcat is not involved in this process. Other clients may create a file in
the same directory, but the application will show the links only to  the
files that were created by this particular user ( the userID is a part of
the file name).  How can I ensure that others cannot view this file by just
typing the URL in the browser and list all the files under this directory?



I read about the possibility starting Tomcat with the security manager
(%CATALINA_HOME%\bin\catalina
start –security)  But It is not clear how to invoke the security manager for
the TOMCAT that is running as a service (C:\jakarta-
tomcat-5.0.28\bin\tomcat5.exe //RS//Tomcat5) and what exactly needs to be
added to the catalina.policy file  to set the needed restrictions.



I would appreciate any help for this matter.

thanks


P.S. I am using Tomcat 5.0.28 ; JDK 1.5.0_12   Tomcat is running as a
service under Windows 2003 server

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message