Hi, I wrote that doc originally.
I did manage to run Tomcat under a Security Manager. It was a hassle -- a lot of framework libraries (I was using Hibernate and Velocity, among others) use reflection, which can fail under strict SecurityManager settings. I had to go through a trial-and-error process in which I kept getting access errors for specific classes, permitting them in the security settings, and then trying again. Unfortunately, I don't have the list of specific settings I used.

I've been less concerned about this issue ever since Velocity introduced the SecureIntrospector, which prevents template authors from calling class loader related method calls.

WILL

On Wed, Mar 31, 2010 at 7:37 AM, sebb <seb...@gmail.com> wrote:
> The Wiki page
>
> http://wiki.apache.org/velocity/BuildingSecureWebApplications
>
> mentions some restrictions on using SecurityManager with Velocity 1.3.1.
>
> The current version of the engine is 1.6.2 - does it also have such
> restrictions?
> Or perhaps some of them have been eliminated?