That's the Inspektr stats log. I didn't see anything offhand in the CAS distribution, so before I go lose myself in policy files (1) is the CAS server 'supported' running under the security manager, (2) anyone run it this way in production, (3) if so, is a sample policy file available?
I have not tried, but it's almost certainly not feasible if possible. There would be so many permissions needed from IO to runtime code access that the security policy you would need would be so full of holes that you could drive a truck through. I have some experience trying to develop a security policy for an even larger enterprise app and it was simply not feasible. The takeaway is that applications should be assumed incompatible with the Java security manager unless they are explicitly designed for support, which comes at substantial cost (time, development effort, support cost, headaches).
M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
