Hi Joey,

I'm using this with Resin 2.1.17 and I just specify 
-Djava.security.policy=/path_to_file at the command line when executing 

However, if I'm not mistaken, with 3.1.2 you would need to specify it 
through the resin.conf file with
at the <server-default> level, for example.

Regarding load balancing: no, I don't use any load balancer but as you 
say that should not make a difference. You simply need to create an 
empty policy file or with the most basic permissions and with that you 
will be able to check if Resin is reading & applying the policy file or 
not. If it does, Resin won't start as you need to explicitely give 
permission to the Caucho classes to be able to open ports, create 
temporary files etc. so you will see inmediately.

I'll do a quick test on a local Resin 3.1.2 to see if it works as 
expected and come back to you.


Mktg. Incorporate Fast escribió:
> Hi Daniel,
> Thanks so much for your response!
> I have tried specifying it through the command line and also through the
> resin.conf file.  Neither seems to work, and I have tried with 3.1.2, and
> two recent snapshots. 
> In your environment do you use a load balancer?  I am using Apache 2.0 to
> pass traffic back to resin.  I suppose I could try to use Resin as the load
> balancer, but I don't think that should make a difference.
> With a completely empty policy file, shouldn't java be prevented from
> reading files?  Tomcat seems to handle this feature very well and I am maybe
> doing things wrong.
> 1.)  Start Apache as load balancer.
> 2.)  Start resin on port 6802
> 3.)  Start subsequent JVM's to load additional sites 6803,6804,6805,etc....
> 4.)  Prevent users from maliciously using java with the <security-manager/>
> tag and a resin.policy file that locks down the entire java application.  I
> don't want the users to have any rights unless I grant them the specific
> rights to do things.  
> Thanks again for your help!
> Joey

resin-interest mailing list

Reply via email to