I am trying to implement resin as an ISP for many hosts in a shared
environment.  We are setting up resin to run with a separate JVM per host
and we hope to use the security manager to restrict server rights per user.


1.)     We want to prohibit users from reading system files.

2.)     We want to prohibit malicious attacks via java, i.e. system.exit();


I have included <security-manager/> with the resin.conf file and we are
using <jvm-arg>-Djava.security.policy=file:/mypolicy/resin.policy</jvm-arg>.
When the system restarts, it does not appear that it is using the policy
file that we specified.  After restart a JSP page is still able to read all
files on server and execute system.exit.  Can anybody please help me to
identify what I am missing.


Lastly the resin.policy file does not have anything granted.





resin-interest mailing list

Reply via email to