Re: FilePermission's in catalina.policy.

Wed, 22 Sep 2004 09:11:29 -0700 

Problem solved.

The "file:" is only used when defining a codeBase as it can be a URL or a
file.

i.e. this also works:

permission java.io.FilePermission
"${catalina.home}${/}webapps${/}extras${/}library${/}","read"; // Read
listing.

Andoni.

----- Original Message ----- 
From: "Andoni List" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, September 22, 2004 2:06 PM
Subject: FilePermission's in catalina.policy.


> Hello,
>
> I am trying to run Tomcat with a very strict security cordon around it. So
I
> am using catalina.policy to shut down everything except exactly what I
need.
>
> I am having one problem with a small bit of this at the moment, I am
trying
> to find get the following to allow files be read from my library by my web
> app. When I specify the directories in windows dependant style there is no
> problem but when I specify them using the property there is a problem. The
> property is set correctly as it is used to specify the code to do the
> reading.
>
> Any suggestions?
> Thanks in advance,
> Andoni.
>
>
> grant codeBase "file:${catalina.home}${/}-" {
> // permission java.security.AllPermission;
>  permission java.util.PropertyPermission "*", "read,write";
>
> // The next two lines are what works for the library.
> // java.io.FilePermission cannot use ${catalina.home} or other properties.
> // permission java.io.FilePermission
> "c:${/}tomcat41${/}webapps${/}extras${/}library${/}","read"; // Read
> listing.
> // permission java.io.FilePermission
> "c:${/}tomcat41${/}webapps${/}extras${/}library${/}*","read"; // Read
files.
>
> // These next two don't work:
>     permission java.io.FilePermission
> "file:{catalina.home}${/}webapps${/}extras${/}library${/}","read"; // Read
> listing.
>     permission java.io.FilePermission
> "file:{catalina.home}${/}webapps${/}extras${/}library${/}*","read"; //
Read
> files.
> };
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to