Re: [Resin-interest] Security Manager and JSPs
Hi,
Is it really so that nobody uses JSPs and SecurityManager with Resin?
:) Could this problem be solved by pre-compiling jsps to Java classes?
Now we just let Resin handle the compilation from directories under
WEB-INF.
Cheers,
Kai
2009/8/25 Kai Virkki kai.vir...@gmail.com:
Hi!
We are trying to use SecurityManager with Resin 3.1.9 and run into the
following problem: CodeSource.getLocation() returns null for compiled
JSPs.
This means that we cannot use a specific codebase in grant clause in
our policy file, for example:
grant codeBase file:/path_to_resin/runtime/work/- {
OR grant codeBase file:/path_to_resin/webapp/JSP-source/- {
...some jsp-specific permissions
};
Instead, we have to use a universal grant clause:
grant {
..some jsp-specific permissions. Unfortunately, these will be applied
to all code!!!
};
Is there a way to make JSPs have a proper CodeSource?
Cheers,
Kai
___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] Non-Hessian file store?
http://docs.jboss.org/hibernate/stable/core/reference/en/html/transactions.html#transactions-basics-apptx Jon Stevens wrote (2009-08-26 21:48): You put Hibernate objects into the session? jon On Wed, Aug 26, 2009 at 8:37 AM, Mattias Jiderhamn mj-li...@expertsystems.se mailto:mj-li...@expertsystems.se wrote: In Resin 4 persistent-store type=file seems to use Hessian for serializing the session values. This causes some trouble for us since Hessian in some cases tries to access uninitialized Hibernate collections after the session/transaction is closed. Is there a way to revert Resin 4 to the old behaviour...? -- /Mattias ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] Security Manager and JSPs
Hi,
The only server where we have to limit such things is still using a
Resin 2.1.17, but in case it helps, that's how we do it:
We configure the application to have the work directory in a specifc
place (.../ServerX/work/) and then...
... global restricted permissions for everyone.
... all permissions for core classes and Resin classes.
//
// Give a specific web-app additional permissions.
//
grant codeBase file:${user.home}/Apps/ServerX/AppY/- {
permission java.io.FilePermission
${user.home}/Apps/ServerX/AppY/-, read,write,delete;
permission java.io.FilePermission ${resin.home}/WEB-INF/-,
read;
permission java.io.FilePermission
${user.home}/Apps/ServerX/work/-, read,write;
permission java.io.FilePermission
${user.home}/Apps/ServerX/work/, read,write;
};
grant codeBase file:${user.home}/Apps/ServerX/work/- {
permission java.io.FilePermission ${resin.home}/WEB-INF/-,
read;
permission java.io.FilePermission
${user.home}/Apps/ServerX/work/-, read,write;
permission java.io.FilePermission
${user.home}/Apps/ServerX/work/, read,write;
};
In this case the App uses an in-memory database that is stored inside
WEB-INF/db, so no network access is required. For the JSPs, codeBase
file:${user.home}/Apps/ServerX/work/- works for us as that's where the
.class files are generated.
But as I've said, that is a 2.1.17 installation so some things might
have changed for Resin 3.X. I remember it was quite a pain of trial and
error to get to this in the first place, so that's why I haven't updated
it in a while :).
D.
Kai Virkki escribió:
Hi,
Is it really so that nobody uses JSPs and SecurityManager with Resin?
:) Could this problem be solved by pre-compiling jsps to Java classes?
Now we just let Resin handle the compilation from directories under
WEB-INF.
Cheers,
Kai
2009/8/25 Kai Virkki kai.vir...@gmail.com:
Hi!
We are trying to use SecurityManager with Resin 3.1.9 and run into the
following problem: CodeSource.getLocation() returns null for compiled
JSPs.
This means that we cannot use a specific codebase in grant clause in
our policy file, for example:
grant codeBase file:/path_to_resin/runtime/work/- {
OR grant codeBase file:/path_to_resin/webapp/JSP-source/- {
...some jsp-specific permissions
};
Instead, we have to use a universal grant clause:
grant {
..some jsp-specific permissions. Unfortunately, these will be applied
to all code!!!
};
Is there a way to make JSPs have a proper CodeSource?
Cheers,
Kai
___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] Non-Hessian file store?
Well, there are different opinions about DTOs too. I assume you've heard (Spring developer) Rod Johnsons take on the matter...? /Mattias Jon Stevens wrote (2009-08-27 17:35): Yea, just cause Hibernate has that feature doesn't mean it is a good feature. =) You may want to consider the DTO pattern... http://java.sun.com/blueprints/corej2eepatterns/Patterns/TransferObject.html I've found that over time, the pain of creating and dealing with DTO's is mitigated by the cleanliness of it and you don't run into weird issues like you are running into... jon On Thu, Aug 27, 2009 at 12:05 AM, Mattias Jiderhamn mj-li...@expertsystems.se mailto:mj-li...@expertsystems.se wrote: http://docs.jboss.org/hibernate/stable/core/reference/en/html/transactions.html#transactions-basics-apptx Jon Stevens wrote (2009-08-26 21:48): You put Hibernate objects into the session? jon On Wed, Aug 26, 2009 at 8:37 AM, Mattias Jiderhamn mj-li...@expertsystems.se mailto:mj-li...@expertsystems.se wrote: In Resin 4 persistent-store type=file seems to use Hessian for serializing the session values. This causes some trouble for us since Hessian in some cases tries to access uninitialized Hibernate collections after the session/transaction is closed. Is there a way to revert Resin 4 to the old behaviour...? -- /Mattias ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
[Resin-interest] How to set checking interval for war redeploy?
I tried many ways to set dependency-check-interval to 2s in resin.xml without any success. Resin 4.0.1 still checks war file change by 60 s, which is the default value. I attached a diff file about one of the configurations. ps: The web-app-deploy schema section in the documentation still lists this attribute as redeploy-check-interval which is likely an obsolete name. See here: http://caucho.com/resin/reference/webapp-tags.xtp#web-app-deploy Also the section refers to attributes in the title, but it refers to elements in the scheme. I am not sure, but it seems that this section lists elements not attributes. Maybe some of them can be both attributes and elements. --- C:/resin/conf/resin.xml Cs aug. 27 23:59:03 2009 +++ C:/resin/conf/resin.xml.origSze ápr. 29 18:51:48 2009 @@ -38,7 +38,7 @@ - level='info' for production - 'fine' or 'finer' for development and troubleshooting -- - logger name=com.caucho level=fine/ + logger name=com.caucho level=info/ logger name=com.caucho.java level=config/ logger name=com.caucho.loader level=config/ @@ -96,9 +96,7 @@ rollover-period=1W/ !-- creates the webapps directory for .war expansion -- - web-app-deploy path=webapps dependency-check-interval=2s/ - dependency-check-interval2s/dependency-check-interval - + web-app-deploy path=webapps/ /host-default !-- @@ -143,7 +141,7 @@ http address=* port=8080/ !-- SSL port configuration: -- - http address=* port=8444 + http address=* port=8443 jsse-ssl self-signed-certificate-name=re...@localhost/ /http @@ -169,8 +167,6 @@ !-- the default host, matching any host name -- host id= root-directory=. - dependency-check-interval2s/dependency-check-interval - !-- - configures an explicit root web-app matching the - webapp's ROOT ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] Non-Hessian file store?
I haven't heard Rod's take on the matter (got url?), but then again I'm also not having problems with Hessian doing strange things to my objects. wink / jon On Thu, Aug 27, 2009 at 9:24 AM, Mattias Jiderhamn mj-li...@expertsystems.se wrote: Well, there are different opinions about DTOs too. I assume you've heard (Spring developer) Rod Johnsons take on the matter...? /Mattias Jon Stevens wrote (2009-08-27 17:35): Yea, just cause Hibernate has that feature doesn't mean it is a good feature. =) You may want to consider the DTO pattern... http://java.sun.com/blueprints/corej2eepatterns/Patterns/TransferObject.html I've found that over time, the pain of creating and dealing with DTO's is mitigated by the cleanliness of it and you don't run into weird issues like you are running into... jon On Thu, Aug 27, 2009 at 12:05 AM, Mattias Jiderhamn mj-li...@expertsystems.se wrote: http://docs.jboss.org/hibernate/stable/core/reference/en/html/transactions.html#transactions-basics-apptx Jon Stevens wrote (2009-08-26 21:48): You put Hibernate objects into the session? jon On Wed, Aug 26, 2009 at 8:37 AM, Mattias Jiderhamn mj-li...@expertsystems.se wrote: In Resin 4 persistent-store type=file seems to use Hessian for serializing the session values. This causes some trouble for us since Hessian in some cases tries to access uninitialized Hibernate collections after the session/transaction is closed. Is there a way to revert Resin 4 to the old behaviour...? -- /Mattias ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
