Hello, I'm using Tomcat 6.0 with the "security" option in order to assign different permissions to several webapps running within the Tomcat security sandbox. However, I've encountered the following effect when I activate the antiJARLocking and antiResourceLocking flags in the context.xml file of my webapp:
As these flags cause the server to copy all the files of my webapp to the temp directory at runtime, the codeBase for the webapp also changes - but the SecurityManager doesn't recognise that it has changed. Consequently, the permissions for the specific webapp that I defined in catalina.policy actually don't apply and I get an "access denied" exception. I have searched the web, the security FAQ and newsgroups for a hint or a workaround, but with no success. With the help of the java.security.debug=all option I came to the workaround to simply set the codeBase in the catalina.policy file to the new location within the temp directory: grant codeBase "file:${catalina.home}/temp/1-foo/-" { /* list of assigned permissions */ }; With this workaround everything works fine. However, the numeric prefix (e.g. "1-") of the webapp copied to the temp folder eventually changes, for instance when I redeploy the webapp or when I clear the temp directory. As a result, I always have to keep the catalina.policy file up-to-date with the current prefix of the webapp, otherwise the permissions fail. So, my question is, if this behavior is known and if there is a more elegant way to solve this problem, maybe by an internal mapping of the original codeBase of the webapp in ${catalina.home}/webapps/ to the ${catalina.home}/temp/ directory which then would be transparent for the SecurityManager? Thanks in advance and best regards, Markus --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]