Jean-Francois Arcand wrote: > Hi, > > I've re-factored Catalina.java and CatalinaService.java and merge the > security code into a single class: o.a.c.security.SecurityConfig. This > class will manage all the package access/definition security properties. > > Actually, the list of package access/definition are harcoded in that > class. I would like to propose we move this package list into a > Tomcat.security file following the J2SE format (see below). This way if > people needs accesses to a package, they will have the opportunity to do > it with having to recompile Catalina. > > Righ now, some Watchdog tests are failling because they need accesses to > o.a.t.util, and yesterday, we have started protecting this package. > > What do you think? I know, that's another config file (I don't like > having another file). I don't see where we could place that information.
No, I would name it tomcat.properties instead, and it will contain also the class loader configuration. We can call all that the bootstrap configuration. Eventually, the bootstrap config will be read from a JNDI context (and the default context used for that will be one pulling the data from tomcat.properties). Otherwise, +1. Remy -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
