Hello,

I'm using Tomcat 6.0 with the "security" option in order to assign different 
permissions to several webapps running within the Tomcat security sandbox. 
However, I've encountered the following effect when I activate the 
antiJARLocking and antiResourceLocking flags in the context.xml file of my 
webapp: 

As these flags cause the server to copy all the files of my webapp to the temp 
directory at runtime, the codeBase for the webapp also changes - but the 
SecurityManager doesn't recognise that it has changed. Consequently, the 
permissions for the specific webapp that I defined in catalina.policy actually 
don't apply and I get an "access denied" exception. I have searched the web, 
the security FAQ and newsgroups for a hint or a workaround, but with no 
success. With the help of the java.security.debug=all option I arrived at the 
workaround of simply setting the codeBase in the catalina.policy file to the new 
location within the temp directory:

grant codeBase "file:${catalina.home}/temp/1-foo/-" {
        /* list of assigned permissions */
};

With this workaround everything works fine. However, the numeric prefix (e.g. 
"1-") of the webapp copied to the temp folder eventually changes, for instance 
when I redeploy the webapp or when I clear the temp directory. As a result, I 
always have to keep the catalina.policy file up-to-date with the current prefix 
of the webapp, otherwise the permissions fail.

So, my question is whether this behavior is known and whether there is a more 
elegant way to solve this problem, maybe by an internal mapping of the original 
codeBase of the webapp in ${catalina.home}/webapps/ to the 
${catalina.home}/temp/ directory which then would be transparent for the 
SecurityManager?

Thanks in advance and best regards,

Markus

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
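
The codeBase matching described in the message above can be reproduced outside Tomcat with java.security.CodeSource.implies(), which is the comparison behind a policy grant: a trailing "/-" covers everything below that directory, and the syntax has no wildcard for the middle of a path. This is an added example, not part of the original post and not Tomcat code; the class name, the /opt/tomcat location standing in for ${catalina.home}, and the "2-foo" and "3-bar" directories are constructed for illustration.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Wrap a URL in an unsigned CodeSource, as a policy grant entry or a loaded class carries it.
    static CodeSource cs(String url) throws Exception {
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    // True if a grant with this codeBase would apply to code loaded from 'loadedFrom'.
    static boolean applies(String grantCodeBase, String loadedFrom) throws Exception {
        return cs(grantCodeBase).implies(cs(loadedFrom));
    }

    public static void main(String[] args) throws Exception {
        // Constructed paths: /opt/tomcat stands in for ${catalina.home}.
        String home = "file:/opt/tomcat";
        String fooCopy = home + "/temp/1-foo/WEB-INF/classes/";     // anti-locking copy of foo
        String fooRedeployed = home + "/temp/2-foo/WEB-INF/classes/"; // same webapp, new prefix
        String barCopy = home + "/temp/3-bar/WEB-INF/classes/";     // a different webapp

        String[][] cases = {
            // Grant written against the original webapps/ location.
            {home + "/webapps/foo/-", fooCopy},
            // The workaround grant, while the prefix still matches.
            {home + "/temp/1-foo/-", fooCopy},
            // The workaround grant after the prefix has changed.
            {home + "/temp/1-foo/-", fooRedeployed},
            // A grant on the whole temp directory, checked against foo ...
            {home + "/temp/-", fooRedeployed},
            // ... and against another webapp's copy, to see how far it reaches.
            {home + "/temp/-", barCopy},
        };
        for (String[] c : cases) {
            System.out.printf("grant %-32s code %-46s applies=%b%n",
                    c[0], c[1], applies(c[0], c[1]));
        }
    }
}
```

The last two cases are the ones to look at before widening the grant to the temp directory as a whole: that codeBase is not specific to one webapp, so the per-webapp separation in catalina.policy no longer holds for anything copied there.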