tomcat-users mailing list archives

From "Rune Hamnvik" <r...@mobinor.no>
Subject SecurityManager and codeBase
Date Mon, 22 Apr 2002 11:58:26 GMT
Hello

We planned to start using the SecurityManager on our Tomcat installations,
but we have problems getting the SecurityManager to work as it is supposed to.
We have a project located under the webapps catalog called isp. The application
works well if we set up the catalina.policy file with the following rules
(specifying no codeBase):

grant {
      permission java.net.SocketPermission "localhost:1599", "connect";  // Naming lookup
      permission java.net.SocketPermission "localhost:43163", "connect"; // EJB lookup
      permission java.net.SocketPermission "localhost:6666", "connect";  // RMI to EJB server
      permission java.net.SocketPermission "localhost:389", "connect";   // LDAP access
      permission java.net.SocketPermission "localhost:25", "connect";    // SMTP access
      permission java.lang.RuntimePermission "accessDeclaredMembers";
      permission java.security.SecurityPermission "insertProvider.SunJCE";
      permission java.util.PropertyPermission "*", "read,write";
};

But if we add the codeBase attribute to the grant part, the application stops
working. Here is the updated grant part:

grant codeBase "file:${catalina.home}/webapps/isp/-" {
      permission java.net.SocketPermission "localhost:1599", "connect";  // Naming lookup
      permission java.net.SocketPermission "localhost:43163", "connect"; // EJB lookup
      permission java.net.SocketPermission "localhost:6666", "connect";  // RMI to EJB server
      permission java.net.SocketPermission "localhost:389", "connect";   // LDAP access
      permission java.net.SocketPermission "localhost:25", "connect";    // SMTP access
      permission java.lang.RuntimePermission "accessDeclaredMembers";
      permission java.security.SecurityPermission "insertProvider.SunJCE";
      permission java.util.PropertyPermission "*", "read,write";
};

Are we doing anything wrong? We have tested on both RedHat 7.2 and Win 2000,
using JDK1.4.0. We have tried Tomcat 4.0.1, 4.0.3 and the 4.0.4 beta 2
version.

We know of the bug report: Bugzilla Bug 7319 "codeBase in catalina.policy
broken with jars".
But this bug seems to have been rejected.

Does anyone have any idea?

Rune Hamnvik
Mobinor
Norway
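
A diagnostic for the codeBase question above, as an added example that is not part of the original message or of Tomcat: it uses the JDK's own CodeSource.implies() to test which code locations a "grant codeBase" entry covers. The /opt/tomcat value for ${catalina.home}, the class name CodeBaseMatch and every sample location are assumptions constructed for illustration.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Wrap a location string in a CodeSource with no signer certificates.
    static CodeSource source(String location) throws Exception {
        return new CodeSource(URI.create(location).toURL(), (Certificate[]) null);
    }

    // True when a policy "grant codeBase" entry would apply to code loaded from 'location'.
    static boolean granted(String codeBase, String location) throws Exception {
        return source(codeBase).implies(source(location));
    }

    public static void main(String[] args) throws Exception {
        // Assumed expansion of ${catalina.home}; adjust to the real installation.
        String home = "/opt/tomcat";
        String codeBase = "file:" + home + "/webapps/isp/-";

        // Constructed sample locations, not taken from the poster's installation.
        String[] locations = {
            "file:" + home + "/webapps/isp/WEB-INF/classes/",
            "file:" + home + "/webapps/isp/WEB-INF/lib/app.jar",
            "jar:file:" + home + "/webapps/isp/WEB-INF/lib/app.jar!/",
            "file:" + home + "/work/localhost/isp/",
            "file:" + home + "/common/lib/shared.jar",
        };
        for (String location : locations) {
            System.out.println((granted(codeBase, location) ? "match    " : "NO MATCH ") + location);
        }

        // Location the JVM reports for a class that is actually loaded; call this on a
        // webapp class (needs RuntimePermission "getProtectionDomain" under a SecurityManager).
        CodeSource own = CodeBaseMatch.class.getProtectionDomain().getCodeSource();
        System.out.println("this class loaded from: "
                + (own == null ? "(none)" : String.valueOf(own.getLocation())));
    }
}
```

A permission check passes only when every protection domain on the call stack holds the permission, so one class loaded from a location the codeBase does not cover is enough to make it fail. Starting the JVM with -Djava.security.debug=access,failure prints the domain that failed the check.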

