tomcat-users mailing list archives

From Bart Vandewoestyne <Bart.Vandewoest...@kuleuven-kortrijk.be>
Subject security manager
Date Fri, 12 Jun 2009 11:49:09 GMT
Hello all,

First of all, my setup:

* Tomcat 5.5.26 on a Debian GNU/Linux 5.0 system.
* java version "1.6.0_12"

I have deployed a webapp under

/usr/share/tomcat5.5/webapps/servlet.war

I have configured my Tomcat not to unpack .war files.

Within my servlet.war file, I have a

WEB-INF/lib/mysql-connector-java-5.1.7-bin.jar

file that I use to connect to a remote MySQL database.

If I'm turning off the security manager by setting

TOMCAT5_SECURITY=no

in /etc/init.d/tomcat5.5

then I can make the connection to the database.  If I turn it on
however, I can't connect.

I know I can set permissions in the

/etc/tomcat5.5/policy.d/50user.policy

file, but I'm not sure about the syntax if I'm working with a .war file.

Suppose I write the following:

grant codeBase "file:/usr/share/tomcat5.5/webapps/servlet.war" {
       permission java.net.SocketPermission "*.databasehost.be:3306", "connect";
};

Then my two questions are:

* Is the grant codeBase line the correct way to specify permissions for
my servlet.war web application (deployed as a .war file, not unpacked)?

* Will the above be enough to allow connections to the database server,
or do I have to specify extra lines for the
WEB-INF/lib/mysql-connector-java-5.1.7-bin.jar file that is within the
servlet.war file?  Does every .jar file that is within servlet.war
inherit the permissions that I give to servlet.war?

Thanks,
Bart
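
One way to check both questions empirically is to ask the JVM which codeBase URL it assigned to a class loaded from the packed .war and whether that class's protection domain holds the socket permission. This is an added example, not part of the original message; the driver class name com.mysql.jdbc.Driver and the host db.databasehost.be are assumptions, and when run inside the webapp under the security manager the calling code itself needs RuntimePermission "getProtectionDomain".

```java
import java.net.SocketPermission;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.ProtectionDomain;

/** Added diagnostic: shows the codeBase a class was loaded from and whether it holds a permission. */
public class CodeSourceCheck {

    /** Report the code source of cls and whether its protection domain implies perm. */
    static String describe(Class<?> cls, Permission perm) {
        // Under a security manager this call requires RuntimePermission "getProtectionDomain".
        ProtectionDomain pd = cls.getProtectionDomain();
        CodeSource cs = pd.getCodeSource();
        // Classes from the bootstrap loader (the JDK itself) have no code source.
        URL loc = (cs == null) ? null : cs.getLocation();
        return cls.getName()
                + "\n  codeBase : " + (loc == null ? "<bootstrap, no code source>" : loc.toString())
                + "\n  granted  : " + pd.implies(perm);
    }

    public static void main(String[] args) {
        // Constructed host name matching the *.databasehost.be pattern from the post.
        Permission perm = new SocketPermission("db.databasehost.be:3306", "connect");
        // Class names to inspect; the default driver class name is an assumption.
        String[] names = args.length > 0 ? args
                : new String[] { "com.mysql.jdbc.Driver", CodeSourceCheck.class.getName() };
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        for (String name : names) {
            try {
                // initialize=false: inspect the class without running its static initializers.
                Class<?> cls = Class.forName(name, false, loader);
                System.out.println(describe(cls, perm));
            } catch (ClassNotFoundException e) {
                System.out.println(name + "\n  not visible to this class loader");
            } catch (SecurityException e) {
                System.out.println(name + "\n  denied: " + e.getMessage());
            }
        }
    }
}
```

Calling describe() from a servlet in the deployed application, once for a servlet class and once for the driver class, prints the exact URLs a grant codeBase entry has to match and shows whether the jar under WEB-INF/lib ends up with the permission.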

