> Remy Maucherat wrote:
> >
> > > If you can point me out where in Catalina code I could take a look, I'll
> > > appreciate.
> > > Also if you need a beta-tester for your application, you count on me.
> >
> > No need to submit a patch; it is quite easy to set simpler URLs for the
> > CodeSource location, but apparently Glenn likes the possibility to set
> > per-class permissions (a feature I introduced by accident when coding the
> > WCL).
> >
>
> I was just commenting on how it currently works. I really don't see a need
> to fine tune security down to the individual class in a jar.

Ok.

> If the WebappClassLoader were changed so that policies granted as follows
> worked I would be happy. Of course the code base for the web application
> context and jar files would still be different due to how the WebappClassLoader
> works.

No, why? I can create whatever I want for the SourceCode location. I would have to add a new field to the ResourceEntry class, though (which doesn't seem to be a big problem). I was already considering changing it (as I wanted to be 100% compatible with the URLClassLoader), but I didn't see any bug reason to do so.

> grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/some.jar" {
>     // Some permissions for this jar
> };
>
> grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/-" {
>     // Some permissions for this jar
> };

No, after the fix, it would be the same as for the URLClassLoader:

grant codeBase="file:{path-to-webapp}/WEB-INF/lib/some.jar" {
    // Some permissions for this jar
};

grant codeBase="file:{path-to-webapp}/WEB-INF/lib/-" {
    // Some permissions for the jars
};

Remy