tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Set System variables.
Date Mon, 26 Oct 2009 10:09:02 GMT
Miguel Torres Fernández wrote:
> Good Morning.
> At firts say hello, this is my first message to the list.
> I'm a system admin and i have a problem with applications thats set 
> system variables like proxy of the system (system.setProperties). It's a 
> big problem for us, i have an instance of tomcat with more than ten 
> applications and the past week two of them modify parameters of the 
> system like proxy or trustkeystore.
> Exist some jdk options to avoid applications to set this parameters?
Hola Miguel.
Simple answer : don't run these applications.  The developers of these 
applications should know that when they set such a "system" property, it 
sets it for the entire JVM, and they should think about the consequences.

As a sysadmin, you can probably forbid these applications from doing 
that, by running Tomcat with a security manager.  Look at the Tomcat 
startup scripts to see if there are default options being loaded 
somewhere.  If you are under Linux, you may find something in, for 
example, /etc/defaults/tomcat.

But the problem is, such a security manager is also valid for the entire 
JVM, and thus the entire Tomcat and all its (other) applications.
So you may have to do a lot of individual tuning of the permissions of 
each application, just to control these two misbehaving applications.

Also, by setting these permissions, the most likely result is that these 
two applications will now crash, since they will get a permission error 
when they try to do what they do.

So, back to the simple answer above.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message