Hi again,

A quick test and indeed the jvm-arg seems to be ignored. Weird.

D.


Daniel López escribió:
> Hi Joey,
> 
> I'm using this with Resin 2.1.17 and I just specify 
> -Djava.security.policy=/path_to_file at the command line when executing 
> httdp.sh.
> 
> However, if I'm not mistaken, with 3.1.2 you would need to specify it 
> through the resin.conf file with
> ...
> <jvm-arg>-Djava.security.policy=/path_to_file</jvm-arg>
> ...
> at the <server-default> level, for example.
> 
> Regarding load balancing: no, I don't use any load balancer but as you 
> say that should not make a difference. You simply need to create an 
> empty policy file or with the most basic permissions and with that you 
> will be able to check if Resin is reading & applying the policy file or 
> not. If it does, Resin won't start as you need to explicitely give 
> permission to the Caucho classes to be able to open ports, create 
> temporary files etc. so you will see inmediately.
> 
> I'll do a quick test on a local Resin 3.1.2 to see if it works as 
> expected and come back to you.
> 
> S!
> D.
> 
> 
> Mktg. Incorporate Fast escribió:
>> Hi Daniel,
>>
>> Thanks so much for your response!
>>
>> I have tried specifying it through the command line and also through the
>> resin.conf file.  Neither seems to work, and I have tried with 3.1.2, and
>> two recent snapshots. 
>>
>> In your environment do you use a load balancer?  I am using Apache 2.0 to
>> pass traffic back to resin.  I suppose I could try to use Resin as the load
>> balancer, but I don't think that should make a difference.
>>
>> With a completely empty policy file, shouldn't java be prevented from
>> reading files?  Tomcat seems to handle this feature very well and I am maybe
>> doing things wrong.
>>
>> 1.)  Start Apache as load balancer.
>> 2.)  Start resin on port 6802
>> 3.)  Start subsequent JVM's to load additional sites 6803,6804,6805,etc....
>> 4.)  Prevent users from maliciously using java with the <security-manager/>
>> tag and a resin.policy file that locks down the entire java application.  I
>> don't want the users to have any rights unless I grant them the specific
>> rights to do things.  
>>
>> Thanks again for your help!
>>
>> Joey



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to