tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Sexton <>
Subject Re: [VOTE] Release build 5.5.27
Date Wed, 03 Sep 2008 17:55:09 GMT

Rainer Jung wrote:
> As far as I understand the issue, the solution is to use the correct 
> security manager profile. In catalina.policy there is already a comment 
> how to do that (search for "per context logging").

I'm not doing per context logging and I don't want to. That's what I 
find terribly frustrating. Something I'm not trying to do is breaking my 

I have 250+ virtual hosts per tomcat instance. It seems like a lot of 
overhead that I'm not interested in.

> Even with Marks patch (or with his plus mine), there would still be the 
> problem of the container not able to read from a 
> context without giving it permissions. 

Since I have no desire to do per-context logging, this doesn't bother me.

 > The only difference that the
> patch makes, is that it swallows the exception resp. logs it.
> Can you shortly describe
> - if adding the correct configuration to catalina.policy fixes your problem

How would I add the correct configuration to catalina.policy for 250 
virtual hosts/contexts into catalina.policy?

It seems to me that I would have to either make many entries or make one 
generic entry that over-assigns permissions.

Complicating matters, using the host manager, I deploy new virtual 
hosts/contexts on the fly while the servlet engine is running. Is there 
a mechanism for dynamically updating catalina.policy?

> - why not having those lines breaks your application and this breakage 
> is not happening with the patch? Is it because the 
> AccessControlException is not caught?

Yes. The AccessControlException is not caught within Tomcat, and it 
terminates the execution of my servlet.

George Sexton
MH Software, Inc.
Voice: +1 303 438 9585

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message