Good day.

This is a general newbie question.

I just finished 'phase 1' of a fairly simple Struts app, where the app is
working and my thoughts turned to learning something about the interplay
between it and the Tomcat catalina.policy file.

All references I could find via Google to crafting a workable
catalina.policy file indicated editing this file manually.

It occurred to me that much good could be affected if there were only a way
to tell the JVM to parse and "use" the policy file, but instead of throwing
nasty runtime exceptions, simply warn me of a rule violation - and continue
to run.

Sort of like a "make -n" invocation:  show me what you would have done
without actually doing it.

Why bother?  Such an invocation would provide the developer with *all* the
exception information he or she needed to craft the policy file --- in one
runtime Catalina instance.  As it stands  now, the container will refuse to
proceed past certain access violations, which means you iterate many times,
adding rules, restart, adding rules, restart.  Eventually you get there, but
it hurts.

I spent the better part of two days on this problem, and while I learned a
lot and enjoyed it in a hurts-so-good fashion, there has to be a better
way.

http://www.petrovic.org/blog/?p=134

My *catscan* Perl-based tool there  develops fascinating insight into what
codebases want access to what information.  The accrued.policy output can be
optimized, but seeing each rule in full glory is spellbinding.

How do sophisticated developers deal with modifications to the  policy file
and still retain fine grained control over permissions?

Thanks.

--
Mark
AE6RT

Reply via email to