Hello
We planned to start using the SecurityManager on our Tomcat installations,
but we have problems getting the SecurityManager to work as it is supposed to. We
have a project located under the webapps catalog called isp. The application
works well if we set up the catalina.policy file with the following rules
(specifying no codeBase):
grant {
    permission java.net.SocketPermission "localhost:1599", "connect";  // Naming lookup
    permission java.net.SocketPermission "localhost:43163", "connect"; // EJB lookup
    permission java.net.SocketPermission "localhost:6666", "connect";  // RMI to EJB server
    permission java.net.SocketPermission "localhost:389", "connect";   // LDAP access
    permission java.net.SocketPermission "localhost:25", "connect";    // SMTP access
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.security.SecurityPermission "insertProvider.SunJCE";
    permission java.util.PropertyPermission "*", "read,write";
};
But if we add the codeBase attribute to the grant part, the application stops
working. Here is the updated grant part:
grant codeBase "file:${catalina.home}/webapps/isp/-" {
    permission java.net.SocketPermission "localhost:1599", "connect";  // Naming lookup
    permission java.net.SocketPermission "localhost:43163", "connect"; // EJB lookup
    permission java.net.SocketPermission "localhost:6666", "connect";  // RMI to EJB server
    permission java.net.SocketPermission "localhost:389", "connect";   // LDAP access
    permission java.net.SocketPermission "localhost:25", "connect";    // SMTP access
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.security.SecurityPermission "insertProvider.SunJCE";
    permission java.util.PropertyPermission "*", "read,write";
};
Are we doing anything wrong? We have tested on both RedHat 7.2 and Win 2000,
using JDK1.4.0. We have tried Tomcat 4.0.1, 4.0.3 and the 4.0.4 beta 2
version.
We know of the bug report: Bugzilla Bug 7319 "codeBase in catalina.policy
broken with jars".
But this bug seems to have been rejected.
Anyone have any idea?
Rune Hamnvik
Mobinor
Norway
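
Added example (not part of the original post, and not Tomcat's own code): the Java program below uses java.security.CodeSource.implies to show which code locations a grant with the codeBase from the post covers. The catalina.home value /opt/tomcat and the listed locations are constructed for illustration; they are not taken from a real Tomcat run.

```java
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {

    // True when a policy grant with this codeBase applies to code whose
    // CodeSource location is 'location'. Signers are ignored (null certs),
    // as in the grant from the post, which has no signedBy clause.
    static boolean covers(String codeBase, String location) throws Exception {
        CodeSource grant = new CodeSource(new URL(codeBase), (Certificate[]) null);
        CodeSource loaded = new CodeSource(new URL(location), (Certificate[]) null);
        return grant.implies(loaded);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: ${catalina.home} expands to /opt/tomcat.
        String home = "file:/opt/tomcat";
        String codeBase = home + "/webapps/isp/-";   // "/-" means: this directory, recursively

        // Constructed sample locations a class could be loaded from.
        String[] locations = {
            home + "/webapps/isp/WEB-INF/classes/",
            home + "/webapps/isp/WEB-INF/lib/app.jar",
            // The same jar written as a jar: URL; the protocol differs from "file".
            "jar:" + home + "/webapps/isp/WEB-INF/lib/app.jar!/",
            // Code outside the webapp directory.
            home + "/common/lib/client.jar",
            home + "/work/localhost/isp/",
        };

        for (String location : locations) {
            System.out.println((covers(codeBase, location) ? "covered     " : "NOT covered ")
                    + location);
        }
    }
}
```

To compare against a running webapp, log a class's getProtectionDomain().getCodeSource().getLocation() (this needs RuntimePermission "getProtectionDomain" under a security manager), or start the JVM with -Djava.security.debug=access,failure to see which protection domain a denied check failed in.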