On Thursday 22 January 2004 07:20, Alex Karasulu wrote:
> Niclas,
>
> > Good point, but it is likely that the 'outer container' (Tomcat or
> > whatever) has established not only the security manager, but more
> > importantly the policy for the Merlin container. In such case, we would
> > need to handle the case where we are not allowed to further restrain the
> > permissions of the thread (i.e. if we don't have
> > createAccessControlContext (or whatever it is called) rights).
>
> Stupid question but just wondering.
>
> Would this still be an issue if Merlin is deemed a privileged piece of
> code running in the embedding container?

If Merlin is considered "trusted" but the whole application is "secured", then the outer container needs to establish AllPermissions for Merlin, and in turn Merlin can be configured to limit the Permissions to the components it is managing.

If the whole application is trusted, then security can be turned off.

Please note that Security=On doesn't work at the moment, and I am travelling back to Malaysia during the weekend so I doubt it will be fixed within a week. The initial attempt was to gain some experience, and make sure that "security=off" works as before, which I believe to be the case.

Niclas
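
Added example, not part of the original message and not Merlin's code: a sketch of how a container that has been granted AllPermission could confine a managed component to a narrower permission set with the standard java.security API. The class name, paths and grant are constructed for illustration, and it assumes a Java runtime on which the Security Manager architecture still functions (it is deprecated in Java 17 and disabled in Java 24).

```java
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

public class RestrictedComponentDemo {

    // Wrap the permissions delegated to one component in a context. The
    // two-argument ProtectionDomain binds them statically, so the installed
    // Policy is not consulted and cannot widen them.
    static AccessControlContext contextFor(Permissions granted) {
        ProtectionDomain domain = new ProtectionDomain(null, granted);
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    // Would the component context allow this permission?
    static boolean permits(AccessControlContext context, Permission permission) {
        try {
            context.checkPermission(permission);
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    // How a container holding AllPermission would call into a component: the
    // effective rights are the intersection of the caller's and the context's.
    static <T> T runComponent(PrivilegedAction<T> action, AccessControlContext context) {
        return AccessController.doPrivileged(action, context);
    }

    public static void main(String[] args) {
        // Constructed sample grant: read-only access to one directory tree.
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/tmp/component-a/-", "read"));
        AccessControlContext context = contextFor(granted);

        System.out.println(permits(context, new FilePermission("/tmp/component-a/conf.xml", "read")));  // inside the grant
        System.out.println(permits(context, new FilePermission("/tmp/component-a/conf.xml", "write"))); // action not granted
        System.out.println(permits(context, new FilePermission("/etc/passwd", "read")));               // outside the tree
        System.out.println(runComponent(() -> "component ran", context));
    }
}
```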
