Hi, The only server where we have to limit such things is still using a Resin 2.1.17, but in case it helps, that's how we do it:
We configure the application to have the work directory in a specifc place (.../ServerX/work/) and then... ... global restricted permissions for everyone. ... all permissions for core classes and Resin classes. // // Give a specific web-app additional permissions. // grant codeBase "file:${user.home}/Apps/ServerX/AppY/-" { permission java.io.FilePermission "${user.home}/Apps/ServerX/AppY/-", "read,write,delete"; permission java.io.FilePermission "${resin.home}/WEB-INF/-", "read"; permission java.io.FilePermission "${user.home}/Apps/ServerX/work/-", "read,write"; permission java.io.FilePermission "${user.home}/Apps/ServerX/work/", "read,write"; }; grant codeBase "file:${user.home}/Apps/ServerX/work/-" { permission java.io.FilePermission "${resin.home}/WEB-INF/-", "read"; permission java.io.FilePermission "${user.home}/Apps/ServerX/work/-", "read,write"; permission java.io.FilePermission "${user.home}/Apps/ServerX/work/", "read,write"; }; In this case the App uses an in-memory database that is stored inside WEB-INF/db, so no network access is required. For the JSPs, codeBase "file:${user.home}/Apps/ServerX/work/-" works for us as that's where the .class files are generated. But as I've said, that is a 2.1.17 installation so some things might have changed for Resin 3.X. I remember it was quite a pain of trial and error to get to this in the first place, so that's why I haven't updated it in a while :). D. Kai Virkki escribió: > Hi, > > Is it really so that nobody uses JSPs and SecurityManager with Resin? > :) Could this problem be solved by pre-compiling jsps to Java classes? > Now we just let Resin handle the compilation from directories under > WEB-INF. > > Cheers, > > Kai > > 2009/8/25 Kai Virkki <kai.vir...@gmail.com>: >> Hi! >> >> We are trying to use SecurityManager with Resin 3.1.9 and run into the >> following problem: CodeSource.getLocation() returns null for compiled >> JSPs. >> >> This means that we cannot use a specific codebase in grant clause in >> our policy file, for example: >> >> grant codeBase "file:/path_to_resin/runtime/work/-" { >> OR grant codeBase "file:/path_to_resin/webapp/JSP-source/-" { >> ...some jsp-specific permissions >> }; >> >> Instead, we have to use a universal grant clause: >> grant { >> ..some jsp-specific permissions. Unfortunately, these will be applied >> to all code!!! >> }; >> >> Is there a way to make JSPs have a proper CodeSource? >> >> Cheers, >> >> Kai _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest