Hi.
I'm currently working in a complex web application. In a stage of development, we wanted to control access to files from the users, and we got all the logic in a SecurityManager of its own. As we were not very familiar with all the capacities of the Security Manager, we chose for the following procedure: - Let Tomcat start normally - In our app start, we get the current SecurityManager if any and create one of ours (setting it as the System SecurityManager).
A web application should not be creating or modifying the SecurityManager. The SecurityManager is global to the entire JVM.
Our SecurityManager implements the methods related to the java.io.* classes (checkRead, etc.). If any other method is called, we implement it just calling the older SecurityManager (if there was any).
There shouldn't be any need for you to write a custom SecurityManager. Instead you should implement your own custom Permission class, then use a custom FileIO class that does the appropriate permission checks.
Regards,
Glenn
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
