And last but not least, that might be related:
http://bugs.caucho.com/view.php?id=1934

It says it has been fixed, but I have been unable to get it to work with 
the latests snapshot.

Moreover, if I specify -Djava.security.debug=all through the command 
line or the resin.conf file, all I get is Resin to hang and not start, 
so I'm still not sure if the policy file is being applied or not.

The fix might not be in the latest snapshot though.

S!
D.




Daniel López escribió:
> Hi Joey,
> 
> I'm using this with Resin 2.1.17 and I just specify 
> -Djava.security.policy=/path_to_file at the command line when executing 
> httdp.sh.
> 
> However, if I'm not mistaken, with 3.1.2 you would need to specify it 
> through the resin.conf file with
> ...
> <jvm-arg>-Djava.security.policy=/path_to_file</jvm-arg>
> ...
> at the <server-default> level, for example.
> 
> Regarding load balancing: no, I don't use any load balancer but as you 
> say that should not make a difference. You simply need to create an 
> empty policy file or with the most basic permissions and with that you 
> will be able to check if Resin is reading & applying the policy file or 
> not. If it does, Resin won't start as you need to explicitely give 
> permission to the Caucho classes to be able to open ports, create 
> temporary files etc. so you will see inmediately.
> 
> I'll do a quick test on a local Resin 3.1.2 to see if it works as 
> expected and come back to you.
> 
> S!
> D.
> 
> 
> Mktg. Incorporate Fast escribió:
>> Hi Daniel,
>>
>> Thanks so much for your response!
>>
>> I have tried specifying it through the command line and also through the
>> resin.conf file.  Neither seems to work, and I have tried with 3.1.2, and
>> two recent snapshots. 
>>
>> In your environment do you use a load balancer?  I am using Apache 2.0 to
>> pass traffic back to resin.  I suppose I could try to use Resin as the load
>> balancer, but I don't think that should make a difference.
>>
>> With a completely empty policy file, shouldn't java be prevented from
>> reading files?  Tomcat seems to handle this feature very well and I am maybe
>> doing things wrong.
>>
>> 1.)  Start Apache as load balancer.
>> 2.)  Start resin on port 6802
>> 3.)  Start subsequent JVM's to load additional sites 6803,6804,6805,etc....
>> 4.)  Prevent users from maliciously using java with the <security-manager/>
>> tag and a resin.policy file that locks down the entire java application.  I
>> don't want the users to have any rights unless I grant them the specific
>> rights to do things.  
>>
>> Thanks again for your help!
>>
>> Joey



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to