tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: [VOTE] Release build 5.5.27
Date Wed, 03 Sep 2008 19:17:41 GMT
George Sexton schrieb:
> Rainer Jung wrote:
> I have 250+ virtual hosts per tomcat instance. It seems like a lot of
> overhead that I'm not interested in.
> How would I add the correct configuration to catalina.policy for 250
> virtual hosts/contexts into catalina.policy?
> It seems to me that I would have to either make many entries or make one
> generic entry that over-assigns permissions.
> Complicating matters, using the host manager, I deploy new virtual
> hosts/contexts on the fly while the servlet engine is running. Is there
> a mechanism for dynamically updating catalina.policy?

How about adding something like

   "${catalina.base}${file.separator}webapps/-", "read";

to the block starting with

   grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar"

The security manager should mainly protect you somehow against malicious
 webapp code. So giving those permissions to tomcat-juli doesn't seem to
be to big a problem. You can even narrow that down to giving it only to
the class org.apache.juli.ClassLoaderLogManager.

I don't know how the file system layout of the webapps for all your
vhosts looks like, but wouldn't something like this be a good compromise
for 5.5.27?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message