I'm running Tomcat 4.1.31 with SecurityManager and tried to understand the 
default settings for web applications in conf/catalina.policy.

Lines 83-91:
[...]
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant { 
  // Required for JNDI lookup of named JDBC DataSource's and
  // javamail named MimePart DataSource used to send mail
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.naming.*", "read";
  permission java.util.PropertyPermission "javax.sql.*", "read";
[...]

As far as I understood the comments, I thought this would allow me to specify 
JDBC DataSources and mail sessions as Resources in my context and then make 
use of them in my servlets with

Context initContext = new InitialContext();
Context envContext  = (Context) initContext.lookup("java:comp/env");
DataSource dataSource = (DataSource) envContext.lookup("jdbc/foo");

and

Context initCtx = new InitialContext();
Context envCtx = (Context) initCtx.lookup("java:comp/env");
Session session = (Session) envCtx.lookup("mail/Session");

respectively. However, I had to add additional permissions to catalina.policy 
to make the servlets work:

grant codeBase "file:/path/to/my/webapp/WEB-INF/classes/-" {
  permission java.net.SocketPermission "mysqlserver:3306","connect,resolve";
  permission java.util.PropertyPermission "javax.mail.Session.Factory","read";
  permission java.net.SocketPermission "mysmtpserver:25","connect,resolve";
};

Is there a more elegant way to achieve the same result (e.g. without changing 
catalina.policy)? Any advice is very much appreciated.

Cheers
Thomas Zumbrunn
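
Added example, not part of the original post and not Tomcat code: a small probe that servlet code running under the SecurityManager can call to report which of the permissions mentioned above the policy actually grants to that code. The class name PolicyProbe is hypothetical, and the block assumes Java 5+ syntax and a JVM that still enforces java.security policy.

```java
import java.net.SocketPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

// Added example: PolicyProbe is a hypothetical helper, not part of Tomcat.
public class PolicyProbe {

    // The permissions discussed in the post: three from the default grant
    // and the three that had to be added for the web application.
    static Permission[] permissionsToProbe() {
        return new Permission[] {
            new PropertyPermission("java.home", "read"),
            new PropertyPermission("java.naming.*", "read"),
            new PropertyPermission("javax.sql.*", "read"),
            new SocketPermission("mysqlserver:3306", "connect,resolve"),
            new PropertyPermission("javax.mail.Session.Factory", "read"),
            new SocketPermission("mysmtpserver:25", "connect,resolve"),
        };
    }

    // Checks each permission against the current access control context.
    // Every protection domain on the call stack must hold the permission,
    // so call this from the web application's own classes.
    public static Map<String, Boolean> probe() {
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (Permission p : permissionsToProbe()) {
            boolean granted;
            try {
                AccessController.checkPermission(p);
                granted = true;
            } catch (AccessControlException denied) {
                granted = false;
            }
            result.put(p.toString(), Boolean.valueOf(granted));
        }
        return result;
    }

    public static void main(String[] args) {
        for (Map.Entry<String, Boolean> e : probe().entrySet()) {
            System.out.println((e.getValue() ? "granted " : "DENIED  ") + e.getKey());
        }
    }
}
```

Logging the result of PolicyProbe.probe() from a servlet before and after editing catalina.policy shows exactly which entries the codeBase grant contributes, which helps keep that grant as narrow as possible.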

