At 06:08 PM 11/5/2000 -0800, you wrote:
>Chad Loder wrote:
>
> > Thanks Craig.
> >
> > I assumed that Tomcat installed the Java security manager by
> > default. This would be the reasonable approach as long as
> > Tomcat wasn't aiming to support pre-Java2 platforms (e.g.,
> > JDK 1.1). Is this in fact the case?
> >
>
>No it isn't -- you have to specifically enable this, because you need to set
>up the policy permissions file ($TOMCAT_HOME/conf/tomcat.policy) to meet your
>needs, and there is no reasonable way for Tomcat to set defaults that meet
>every circumstance.
The beauty of defaults is that they don't have to meet every circumstance.
That's why they are called defaults. :P
>No, just looking in the wrong place :-)
>
>Security manager support is a 3.2 feature -- it's not there in 3.1. The file
>is "doc/uguide/tomcat_security.txt". It's also visible online:
>
><http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/uguide/tomcat_security.txt>
Ah, thanks.
c
