Howdy,

>I want to use JAAS for authorization in a web-application that runs under
>Tomcat4.1.
>I don't want to put my policy file either in java_home/jre/security
>or in user.home directories (because I think it's not correct).

Unfortunately, I'm hearing other people with the same (valid) complaints as you.

>to create my own implementation of java.security.Policy, that parses my

True. As the JavaDoc for java.security.Policy suggests, it was always intended for people to write custom Policy implementations for these needs.

>But java.security.Policy is core class and it is loaded by Primordial Class
>Loader.

True.

>And if I replace default Policy by own implementation then all web
>applications will get my implementation of Policy when they invoke
>Policy.getPolicy().
>Am I right?

You're right.

>How can I populate my policy permissions in web environment?

Sticking the policy file in $JAVA_HOME/jre/security is the easiest option. One alternative is to find a container, if there is any, that supports per-webapp policy files. I'm not personally aware of any such container. Another alternative is, as you say, to write your own policy implementation, run just your webapp on the server that uses this implementation, and stick your implementation high up in the classloader hierarchy.

Yoav Shapira
Millennium ChemInformatics
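The last alternative in the reply, as an added example that is not part of the original message or of Tomcat: a JVM-wide Policy that delegates to the previously installed policy and adds grants only for code loaded from one webapp's location, so other webapps calling Policy.getPolicy() get unchanged decisions. The class name, the path and the sample permission are assumptions, and the code presumes a JDK on which java.security.Policy and the Security Manager are still supported.

```java
import java.security.*;
import java.util.Collections;
import javax.security.auth.AuthPermission;

// Added example: wraps the installed Policy and grants extra permissions to one webapp only.
// The class must sit on the JVM's own classpath, above the webapp class loaders.
public final class WebappScopedPolicy extends Policy {
    private final Policy delegate;            // the policy that was active before this one
    private final String codeBasePrefix;      // hypothetical webapp location (URL prefix)
    private final PermissionCollection extra; // permissions granted only under that prefix

    public WebappScopedPolicy(Policy delegate, String codeBasePrefix, PermissionCollection extra) {
        this.delegate = delegate;
        this.codeBasePrefix = codeBasePrefix;
        this.extra = extra;
        extra.setReadOnly();
    }

    private boolean isOurWebapp(CodeSource cs) {
        return cs != null && cs.getLocation() != null
                && cs.getLocation().toExternalForm().startsWith(codeBasePrefix);
    }

    // Copy into a fresh collection: the delegate's result may be read-only.
    private PermissionCollection merge(PermissionCollection base, CodeSource cs) {
        Permissions merged = new Permissions();
        for (Permission p : Collections.list(base.elements())) merged.add(p);
        if (isOurWebapp(cs)) for (Permission p : Collections.list(extra.elements())) merged.add(p);
        return merged;
    }

    @Override public PermissionCollection getPermissions(CodeSource cs) {
        return merge(delegate.getPermissions(cs), cs);
    }
    @Override public PermissionCollection getPermissions(ProtectionDomain pd) {
        return merge(delegate.getPermissions(pd), pd == null ? null : pd.getCodeSource());
    }
    @Override public boolean implies(ProtectionDomain pd, Permission p) {
        if (delegate.implies(pd, p)) return true; // every other webapp keeps the default answer
        return pd != null && isOurWebapp(pd.getCodeSource()) && extra.implies(p);
    }
    @Override public void refresh() { delegate.refresh(); }

    public static void main(String[] args) { // install once, early in JVM startup
        Permissions extra = new Permissions();
        extra.add(new AuthPermission("doAsPrivileged")); // sample grant, constructed
        Policy.setPolicy(new WebappScopedPolicy(Policy.getPolicy(),
                "file:/opt/tomcat/webapps/myapp/", extra)); // constructed path
    }
}
```

The grants are only enforced when the container runs with a security manager enabled; without one, no Policy is consulted at all.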
