> Remy Maucherat wrote:
> >
> > > If you can point me out where in Catalina code I could take a look,
I'll
> > appreciate.
> > > Also if you need a beta-tester for your application, you count on me.
> >
> > No need to submit a patch; it is quite easy to set simpler URLs for the
> > CodeSource location, but apprently Glenn likes the possibility to set
> > per-class permissions (a feature I introduced by accident when coding
the
> > WCL).
> >
>
> I was just commenting on how it currently works. I really don't see a
need
> to fine tune security down to the individual class in a jar.
Ok.
> If the WebappClassLoader were changed so that policies granted as follows
> worked I would be happy. Of course the code base for the web application
> context and jar files would still be different due to how the
WebappClassLoader
> works.
No, why ? I can create whatever I want for the SourceCode location. I would
have to add a new field to the ResourceEntry class, though (which doesn't
seem to be a big problem).
I was already considering changing it (as I wanted to be 100% compatible
with the URLClassLoader), but I didn't see any bug reason to do so.
> grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/some.jar" {
> // Some permissions for this jar
> };
>
> grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/-" {
> // Some permissions for this jar
> };
No, after the fix, it would be the same as for the URLClassLoader:
grant codeBase="file:{path-to-webapp}/WEB-INF/lib/some.jar" {
// Some permissions for this jar
};
grant codeBase="file:{path-to-webapp}/WEB-INF/lib/-" {
// Some permissions for the jars
};
Remy
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
