Basically, I am trying to install a custom Policy class on a web app running
within a Tomcat 4.1.27 container.
To do so, I have registered a ServletContextListener in the web.xml and I am
calling Policy.setPolicy(new rbac.MyPolicy()) from within the
contextInitialized method. Later I use the standard JAAS calls to check
permissions.
Everything works well on an XP tomcat installation. However, as soon as I
deploy to Solaris 2.8, strange behavior appears. It seems that the Policy
class is being modified so that the following calls made from a jsp
<% Policy.getPolicy() instanceof rbac.MyPolicy %> <%
Policy.getPolicy().getClass().getName().equals("rbac.MyPolicy") %>
return inconsistent values. The first returns false while the second returns
true!
If I delay the policy installation to a later point in the application
lifecycle (i.e. call setPolicy from within a servlet filter instead of
setting the Policy, the problem disappears. However, I would like to avoid
the extra overhead of filtering each request.
I am not running tomcat with the security manager.
I would be grateful to anyone offering a remedy or suggestions.
Thanks,
// William.
[EMAIL PROTECTED]
ncubeAIT Development
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
