tomcat-users mailing list archives

From Aurélien Terrestris <aterrest...@gmail.com>
Subject Re: Restrict the use of JDK classes Tomcat 7 or 6
Date Mon, 11 Nov 2013 15:59:40 GMT
Hello Analia

I'm glad that you could play successfully with the Security Manager as
I advised first :D


About permissions, here is a doc:

http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc3.html#20211

best regards

2013/11/11 ANALIA DE PEDRO SANTAMARIA <100074002@alumnos.uc3m.es>:
> Hello,
>
> I have been working with the Security Manager and I think it is a good
> approximation of what I need, thank you very much for the advice. I have
> read that it is possible to create your own Permission class, but I haven't
> found any documentation or example. Could anybody tell me where I can find
> information about creating a Permission class?
>
> Thank you very much.
>
>
> 2013/10/23 Caldarale, Charles R <Chuck.Caldarale@unisys.com>
>
>> > From: Christopher Schultz [mailto:chris@christopherschultz.net]
>> > Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6
>>
>> > When you say "Java classes", are you talking about re-defining
>> > something like java.lang.String? If so, then the servlet spec (3.0:
>> > 10.7.2) prohibits web applications from loading classes from any of
>> > these packages from a web application class loader.
>> >   java.*
>> >   javax.*
>> > Looking at current trunk, Tomcat appears to take a lazy view and just
>> > look for these two classes:
>> >   javax.servlet.Servlet
>> >   javax.el.Expression
>> > So it looks like you might be able to redefine java.lang.String if you
>> > want.
>>
>> As I recall, the JVM itself prevents loading of java.* classes from
>> anywhere other than the registered JRE jar locations.  Not sure about
>> javax.* classes.
>>
>>  - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail and
>> its attachments from all computers.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
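
An added example, not part of the original thread, of the custom Permission class asked about above: a permission built on `java.security.BasicPermission` and checked against a set of granted permissions. The names `ReportPermission`, `readReport` and the `report.*` targets are hypothetical, and the code assumes a JDK where the Security Manager API still works (the Java 6/7 runtimes discussed in this thread).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class CustomPermissionDemo {

    // Hypothetical permission guarding access to named reports.
    // BasicPermission supplies equals/hashCode and trailing-wildcard
    // matching, so "report.sales.*" implies "report.sales.q3".
    // In a deployment this would be a public top-level class so that a
    // policy grant entry can name it.
    public static final class ReportPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        public ReportPermission(String name) { super(name); }

        // Actions are not used by this permission; BasicPermission ignores them.
        public ReportPermission(String name, String actions) { super(name, actions); }
    }

    // Guarded operation: trusted code asks whether the caller's context
    // holds the permission before doing the work. Under an installed
    // Security Manager the same check would be
    // System.getSecurityManager().checkPermission(...).
    static String readReport(AccessControlContext caller, String name) {
        caller.checkPermission(new ReportPermission("report." + name));
        return "contents of " + name;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the permissions a policy file grant
        // ("permission <class> \"report.sales.*\";") would give a webapp.
        Permissions granted = new Permissions();
        granted.add(new ReportPermission("report.sales.*"));
        AccessControlContext webapp = new AccessControlContext(
                new ProtectionDomain[] { new ProtectionDomain(null, granted) });

        System.out.println(readReport(webapp, "sales.q3"));  // covered by the wildcard
        try {
            readReport(webapp, "hr.salaries");               // outside the grant
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
        }
    }
}
```

The Security Manager is deprecated for removal as of Java 17, so this pattern applies to the older runtimes in use here.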
