From: Christian Beikov
Date: Wed, 24 Apr 2013 19:51:44 +0200
To: users@tomcat.apache.org
Subject: Re: Policy files

Yes, we are talking about security manager policies. So there is no possibility to just push the policy file to the WebappClassLoader? As stated in the reply to Martin Gainty there do exist methods to restrict the webapp, but unfortunately no method for supplying a policy file. So this means I have to parse the policy file myself and add the permissions manually to the classloader?

Are there any options in the context.xml I could set for specifying a webapp local policy so that I don't have to fiddle around with how tomcat is called? I know how to apply a policy at runtime, but don't know how this affects tomcat when I apply it e.g. in a ServletContextListener. Would be cool if there was an option to do that kind of stuff.

Kind regards,
Christian Beikov

On 24.04.2013 19:13, Christopher Schultz wrote:
> Christian,
>
> On 4/24/13 2:29 AM, Christian Beikov wrote:
>> I am using tomcat as an embedded container for a while now, it is
>> really amazing, but now I got stuck on a topic. I am implementing a
>> testsuite for automatic testing of uploaded solutions by students.
>> The deployment works like a charm, I also found your
>> StuckThreadDetectionValve very useful to kill threads of the
>> students' applications. The next assignment will involve some areas
>> where I would like to specify a policy file so that the students
>> can't do anything they aren't supposed to. Now to my problem.
>
> Cool.
>
>> One thing is that I want a policy file to be in the students'
>> projects, so that they actually get the exceptions when they are
>> doing something wrong. What do I have to configure in these student
>> web projects so that they can e.g. deploy the project directly from
>> netbeans to tomcat and have the policy applied?
>
> I assume you are talking about SecurityManager policies.
>
> Unfortunately, the SecurityManager applies to the entire JVM, so you
> can't do something cool like allow one ClassLoader to run amok while
> classes loaded from another one are constrained. Instead, you can
> place limits on the entire JVM (e.g. no System.exit) and then poke
> holes in those protections for trusted content -- usually a specific
> JAR file, etc.
>
> If you are going to do that, you need to attempt privileged "actions"
> everywhere your driver code is going to do something that requires
> such privileges. If the student code tries to do something forbidden
> (e.g. System.exit), they'll get a SecurityException. If you try to do
> it without a privileged action, you'll also get an exception.
>
>> The other thing is that I want the policy file to be in my
>> testsuite project and configure it on demand when deploying the
>> student solutions. Currently I create an instance of
>> StandardContext for each student web application, then I configure
>> the context and finally add it to the host of the server. What do I
>> need to configure, to apply the policy in this case?
>
> You have to apply the policy when you launch the JVM via system
> properties on the command-line. Fortunately, all of your privileged
> code should be known in advance, so you shouldn't have to adjust
> anything for student-submitted code: all their stuff is limited by
> your policy.
>
> Remember that you have to give Tomcat all the privileges *it* needs as
> well as your own code. Check the catalina.policy file to see what
> privileges are necessary to properly run Tomcat under a SecurityManager.
>
> -chris
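
Added example, not part of the original thread or of Tomcat's code: a sketch of the setup described in the quoted reply, with the policy supplied on the JVM command line, trusted harness code granted permissions by codeBase, and a privileged action around what the harness does on behalf of student code. The paths, the `testsuite.reports` property and the class name `TestSuiteDriver` are assumptions, and it presumes a Java version that still ships the Security Manager (deprecated for removal since Java 17).

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

/*
 * Launch with the policy in force from JVM start (constructed paths):
 *
 *   java -Djava.security.manager \
 *        -Djava.security.policy==/opt/testsuite/testsuite.policy \
 *        -cp /opt/testsuite/lib/testsuite.jar TestSuiteDriver
 *
 * testsuite.policy (constructed; "==" above makes it the only policy read):
 *
 *   // Trusted: harness and embedded Tomcat jars. AllPermission keeps the
 *   // sketch short; conf/catalina.policy lists what Tomcat really needs.
 *   grant codeBase "file:/opt/testsuite/lib/-" {
 *       permission java.security.AllPermission;
 *   };
 *   // Student webapps (assumed unpacked here) get only what is listed.
 *   grant codeBase "file:/opt/testsuite/students/-" {
 *       permission java.util.PropertyPermission "java.version", "read";
 *   };
 */
public class TestSuiteDriver {

    /** Fail closed: never deploy student code into an unrestricted JVM. */
    static void requireSecurityManager() {
        if (System.getSecurityManager() == null) {
            throw new IllegalStateException(
                "No SecurityManager installed; start with -Djava.security.manager");
        }
    }

    /**
     * Harness helper that student code may call. doPrivileged stops the
     * permission check's stack walk at this frame, so the restricted
     * caller's missing permission is not checked.
     */
    static String reportDirectory() {
        return AccessController.doPrivileged((PrivilegedAction<String>)
            () -> System.getProperty("testsuite.reports", "reports"));
    }

    public static void main(String[] args) {
        try {
            requireSecurityManager();
            System.out.println("Reports go to: " + reportDirectory());
        } catch (IllegalStateException e) {
            System.err.println(e.getMessage());
        }
    }
}
```

With this policy, a student class calling `System.exit` or reading `testsuite.reports` directly gets a SecurityException, while the same read through `reportDirectory()` succeeds.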