Tomcat SecurityManager XML Policy configuration -----------------------------------------------
I have finished implementing support within Tomcat for using XML based security policy files. This was proposed and discussed on the list back 3-4 months ago. I would like to commit this to the jakarta-tomcat-4.0 CVS HEAD and have it included in future 4.1.x releases. Initially it could be listed as either experimental, alpha, or beta. Whichever we decide. - This new feature is fully backward compatible with current methods of using catalina.policy. Use of the XML based policy is invoked by using the -security-xml startup option instead of -security. - Catalina can be compiled without support for use of an XML policy. To build with support for an XML policy the Castor XML Schema jar file and the Jakarta ORO jar files must both be present. http://castor.exolab.org/ http://jakarta.apache.org/oro/ Here is a URL to the updated Security Manager HOW-TO which documents the new XML Policy features. http://duke.more.net/~glenn/tomcat-docs/security-manager-howto.html#Optional%20XML%20Policy%20Configuration Please review the above before voting. If you are interested in looking at the code before I commit I could create a patch file with all the changes against jakarta-tomcat-4.0 CVS HEAD and make it available. Just let me know. Here is a ballot. I would prefer not creating a Tomcat 4.2 development branch yet, that just adds more CVS branches to commit bug fixes to. <ballot> [ ] commit XML Policy source to jakarta-tomcat-4.0 HEAD and include it in future release of Tomcat 4.1.x [ ] commit to CVS but don't add to the next release [ ] create a Tomcat 4.2 development branch and commit there (Ugh!) [ ] -1 Don't commit to CVS (Please explain why) </ballot> Thanks, Glenn -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>