tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ANALIA DE PEDRO SANTAMARIA <100074...@alumnos.uc3m.es>
Subject Re: Restrict the use of JDK classes Tomcat 7 or 6
Date Mon, 11 Nov 2013 15:25:00 GMT
Hello,

I have been working with the Security Manager and I think it is a good
aproximation of what I need, thank you very much for the advice. I have
read that it is possible to create your own Permission class, but I haven't
found any documentation or example. Could anybody tell me where I can find
information about create a Permission class?

Thank you very much.


2013/10/23 Caldarale, Charles R <Chuck.Caldarale@unisys.com>

> > From: Christopher Schultz [mailto:chris@christopherschultz.net]
> > Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6
>
> > When you say "Java classes", are you talking about re-defining
> > something like java.lang.String? If so, then the servlet spec (3.0:
> > 10.7.2) prohibits web applications from loading classes from any of
> > these packages from a web application class loader.
> >   java.*
> >   javax.*
> > Looking at current trunk, Tomcat appears to take a lazy view and just
> > look for these two classes:
> >   javax.servlet.Servlet
> >   javax.el.Expression
> > So it looks like you might be able to redefine java.lang.String if you
> > want.
>
> As I recall, the JVM itself prevents loading of java.* classes from
> anywhere other than the registered JRE jar locations.  Not sure about
> javax.* classes.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message