Hi again, A quick test and indeed the jvm-arg seems to be ignored. Weird.
D. Daniel López escribió: > Hi Joey, > > I'm using this with Resin 2.1.17 and I just specify > -Djava.security.policy=/path_to_file at the command line when executing > httdp.sh. > > However, if I'm not mistaken, with 3.1.2 you would need to specify it > through the resin.conf file with > ... > <jvm-arg>-Djava.security.policy=/path_to_file</jvm-arg> > ... > at the <server-default> level, for example. > > Regarding load balancing: no, I don't use any load balancer but as you > say that should not make a difference. You simply need to create an > empty policy file or with the most basic permissions and with that you > will be able to check if Resin is reading & applying the policy file or > not. If it does, Resin won't start as you need to explicitely give > permission to the Caucho classes to be able to open ports, create > temporary files etc. so you will see inmediately. > > I'll do a quick test on a local Resin 3.1.2 to see if it works as > expected and come back to you. > > S! > D. > > > Mktg. Incorporate Fast escribió: >> Hi Daniel, >> >> Thanks so much for your response! >> >> I have tried specifying it through the command line and also through the >> resin.conf file. Neither seems to work, and I have tried with 3.1.2, and >> two recent snapshots. >> >> In your environment do you use a load balancer? I am using Apache 2.0 to >> pass traffic back to resin. I suppose I could try to use Resin as the load >> balancer, but I don't think that should make a difference. >> >> With a completely empty policy file, shouldn't java be prevented from >> reading files? Tomcat seems to handle this feature very well and I am maybe >> doing things wrong. >> >> 1.) Start Apache as load balancer. >> 2.) Start resin on port 6802 >> 3.) Start subsequent JVM's to load additional sites 6803,6804,6805,etc.... >> 4.) Prevent users from maliciously using java with the <security-manager/> >> tag and a resin.policy file that locks down the entire java application. I >> don't want the users to have any rights unless I grant them the specific >> rights to do things. >> >> Thanks again for your help! >> >> Joey _______________________________________________ resin-interest mailing list [email protected] http://maillist.caucho.com/mailman/listinfo/resin-interest
