Hi again,

A quick test and indeed the jvm-arg seems to be ignored. Weird.


Daniel López escribió:
> Hi Joey,
> I'm using this with Resin 2.1.17 and I just specify 
> -Djava.security.policy=/path_to_file at the command line when executing 
> httdp.sh.
> However, if I'm not mistaken, with 3.1.2 you would need to specify it 
> through the resin.conf file with
> ...
> <jvm-arg>-Djava.security.policy=/path_to_file</jvm-arg>
> ...
> at the <server-default> level, for example.
> Regarding load balancing: no, I don't use any load balancer but as you 
> say that should not make a difference. You simply need to create an 
> empty policy file or with the most basic permissions and with that you 
> will be able to check if Resin is reading & applying the policy file or 
> not. If it does, Resin won't start as you need to explicitely give 
> permission to the Caucho classes to be able to open ports, create 
> temporary files etc. so you will see inmediately.
> I'll do a quick test on a local Resin 3.1.2 to see if it works as 
> expected and come back to you.
> S!
> D.
> Mktg. Incorporate Fast escribió:
>> Hi Daniel,
>> Thanks so much for your response!
>> I have tried specifying it through the command line and also through the
>> resin.conf file.  Neither seems to work, and I have tried with 3.1.2, and
>> two recent snapshots. 
>> In your environment do you use a load balancer?  I am using Apache 2.0 to
>> pass traffic back to resin.  I suppose I could try to use Resin as the load
>> balancer, but I don't think that should make a difference.
>> With a completely empty policy file, shouldn't java be prevented from
>> reading files?  Tomcat seems to handle this feature very well and I am maybe
>> doing things wrong.
>> 1.)  Start Apache as load balancer.
>> 2.)  Start resin on port 6802
>> 3.)  Start subsequent JVM's to load additional sites 6803,6804,6805,etc....
>> 4.)  Prevent users from maliciously using java with the <security-manager/>
>> tag and a resin.policy file that locks down the entire java application.  I
>> don't want the users to have any rights unless I grant them the specific
>> rights to do things.  
>> Thanks again for your help!
>> Joey

resin-interest mailing list

Reply via email to