How do i configure the Security Manager to use different policies for each
host/webapp/webapp(libs/classes)?
Example:
1. Install a clean Tomcat 4.1.xx
2. Creating a simple jsp page in examples/securityTest.jsp
securityTest.jsp
--->
<% secure.secureClass.readPasswd() %>
<---
3. Create a class secure.secureClass in examples/web-inf/classes
--->
package secure;
import java.io.*;
public class secureClass {
public static void readPasswd() throws Exception {
File x = new File("/etc/passwd");
x.canRead();
}
}
<---
4. Adding to catalina.policy
grant "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
java.io.FilePermission "/etc/passwd", "read";
};
5. starting tomcat with security manager
6. request securityTest.jsp => Security Exception?
what i do wrong?
Torsten Fohrer
**********************************************************
* DCSI AG * Tel.: +49 7131 155 88-0 *
* Lessingstrasse 17-19 * Fax.: +49 7131 155 88-99 *
* D-74076 Heilbronn * [EMAIL PROTECTED] *
* GERMANY * http://www.dcsi.de *
**********************************************************
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
