tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart Vandewoestyne <>
Subject security manager
Date Fri, 12 Jun 2009 11:49:09 GMT
Hello all,

First of all, my setup:

* Tomcat 5.5.26 on a Debian GNU/Linux 5.0 system.
* java version "1.6.0_12"

I have deployed a webapp under


I have configured my Tomcat not to unpack .war files.

Within my servlet.war file, I have a


file that I use to connect to a remote MySQL database.

If I'm turning off the security manager by setting


in /etc/init.d/tomcat5.5

then I can make the connection to the database.  If i turn it on
however, I can't connect.

I know I can set permissions in the


file, but I'm not sure about the syntax if I'm working with a .war file.

Suppose I write the following:

grant codeBase "file:/usr/share/tomcat5.5/webapps/servlet.war" {
       permission "*",

Then my two questions are:

* Is the grant codeBase line the correct way to specify permissions for
my servlet.war web application (deployed as a .war file, not unpacked)

* Will the above be enough to allow connections to the database server,
or do i have to specify extra lines for the
WEB-INF/lib/mysql-connector-java-5.1.7-bin.jar file that is within the
servlet.war file?  Does every .jar file that is within servlet.war
inherit the permissions that i give to servlet.war?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message