Good day. This is a general newbie question.
I just finished 'phase 1' of a fairly simple Struts app, where the app is working and my thoughts turned to learning something about the interplay between it and the Tomcat catalina.policy file. All references I could find via Google to crafting a workable catalina.policy file indicated editing this file manually. It occurred to me that much good could be affected if there were only a way to tell the JVM to parse and "use" the policy file, but instead of throwing nasty runtime exceptions, simply warn me of a rule violation - and continue to run. Sort of like a "make -n" invocation: show me what you would have done without actually doing it. Why bother? Such an invocation would provide the developer with *all* the exception information he or she needed to craft the policy file --- in one runtime Catalina instance. As it stands now, the container will refuse to proceed past certain access violations, which means you iterate many times, adding rules, restart, adding rules, restart. Eventually you get there, but it hurts. I spent the better part of two days on this problem, and while I learned a lot and enjoyed it in a hurts-so-good fashion, there has to be a better way. http://www.petrovic.org/blog/?p=134 My *catscan* Perl-based tool there develops fascinating insight into what codebases want access to what information. The accrued.policy output can be optimized, but seeing each rule in full glory is spellbinding. How do sophisticated developers deal with modifications to the policy file and still retain fine grained control over permissions? Thanks. -- Mark AE6RT
