Berin Loritsch wrote:
BTW, what resources did you use to dig up on the Java security model?I wish I had some links as well. I figured it out by first realizing that the compiled JSP pages
It would be beneficial if we had some links.
in Jetty were somehow being assigned privileges when their source directories were listed
in the policy file.
After lots of digging around the java docs, I noticed a getProtectionDomain method in the
Class class.
To figure it out, I added code like the following in the JSP page:
<%
Class clazz = this.getClass();
System.out.println( clazz.getProtectionDomain() );
System.out.println( clazz.getProtectionDomain().getCodeSource() );
System.out.println( clazz.getProtectionDomain().getPermissions() );
%>
That printed out lots of useful information that I had not seen before. Once I figured out
that these were the classes involved. I started checking out and then searching through
the code bases of Tomcat, Jetty, etc.. to try and figure out how they were used.
Long story short, it took time and patience. If you have any questions though, I think
I have a fairly good grasp on how it all works now though.
Cheers, Leif
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Apache Excalibur Project -- URL: http://excalibur.apache.org/
