Do you want Application A have write/read access to properties files of Application B ? what about if both application were made by diferents providers ?
Another example ... Do you wana application A have read/write access to $GERONIMO_HOME/var/config or security files ?
Bye.
Vamsavardhana Reddy <[EMAIL PROTECTED]> escribió:
Vamsavardhana Reddy <[EMAIL PROTECTED]> escribió:
When does one require to run the server under a Security Manager?
Thanks,
Vamsi
On 2/11/06, Matt Hogstrom <[EMAIL PROTECTED]> wrote:Cristian,
No apologies. This is good feedback as I think we can use as much
administrative feedback as possible.
Cristian Roldan wrote:
> Hi All,
> I enabled the Security Manager with these parameters "-Djava.security.manager -Djava.security.policy=geronimo.policy",
> everything works ok, but the only problem that I saw was with the Application identification (number) , if you deploy
> an application, Generimo creates a directory config-store/[NUMBER], you must use this number in the policy file, after a while
> you undeploy and deploy a new version of that application in this case you obtain a new number, so you must change the policy file.
> I think that using a [number] as a deployment directory is not the best solution from the administration perspective.
> I'm sorry I just give an opinion from the administration point of view maybe there is a design/performace reason that I can't see.
>
>
> // --------------------------------------------------------------------------------------
> // Permissions for Geronimo V.1.0
> // --------------------------------------------------------------------------------------
> // Geronimo gets all permissions
> grant codeBase "file:${org.apache.geronimo.base.dir}/lib/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/repository/-" {
> permission java.security.AllPermission;
> };
> //----------------------------------------------------------------------
> // From here I set the minimun permissions for my Applications
> // You must change "23" for you Application number, this number is created
> // during deployment phase.
> //----------------------------------------------------------------------
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/23/-" {
> permission java.lang.RuntimePermission "accessClassInPackage.*";
> };
> // ---------------------------------------------------------------------
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/1/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/2/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/3/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/4/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/5/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/6/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/7/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/8/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/9/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/10/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/11/-" {
> permission java.security.AllPermission;
> };< BR>> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/12/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/13/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/14/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/15/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/16/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/17/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/18/ -" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/19/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/20/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/21/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/22/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/24/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/25/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/26/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/27/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/28/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/29/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/30/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/31/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/32/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/33/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/34/-" {
> permission java.security.AllPermission;
> };
> grant codeBase "file:${ org.apache.geronimo.base.dir}/config-store/35/-" {
> permission java.security.AllPermission;
> };
>
>
>
>
> ---------------------------------
> 1GB gratis, Antivirus y Antispam
> Correo Yahoo!, el mejor correo web del mundo
> Abrí tu cuenta aquí
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡grati
s!
¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar
