tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] SecurityManager and Java Policy Files
Date Wed, 10 Nov 2010 21:15:36 GMT

All,

I'm resurrecting this thread because I'd like to return my attention to
running my webapp under a SecurityManager.

On 3/25/2010 4:03 PM, Christopher Schultz wrote:
> This is off-topic in that it doesn't really have anything to do
> specifically with Tomcat, but I would be willing to bet that readers
> would be interested in the answer. Besides, the pool of brain cells
> available to this list is rather deep and I'd love an explanation of
> policies.
> 
> I recently tried to set up Tomcat 6.x running under a SecurityManager.
> As I fell down the rabbit hole, I saw that lots of things needed to be
> granted to my code, which all makes sense in general. What I don't quite
> get is the hierarchy of checks that are done.

Can anyone recommend any literature for understanding the Zen of Java's
SecurityManager and, more specifically, how to properly write your
application to operate under one?

I'm looking for references that explain the interaction between the
SecurityManager itself, the policy, signed code, and the use of
AccessController/PrivilegedAction.

Online resources and articles as well as dead trees would be fine. My
Google-fu just isn't turning up anything relevant. I get either horribly
technical specifications of things or trifles that just say "run under a
SecurityManager and everything will be secure!".

Any help would be greatly appreciated.

Thanks,
-chris