Wim Bertels wrote:
Hallo,
as i tested setup debian + tomcat7
there are many versions of Tomcat 7.x. Which version precisely ?
(There is a "version.sh" script somewhere, which will tell you)
following the documentation,
i was refered to
http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html
for enabling the security manager,
As I recall, under Debian, there is a setting in /etc/default/tomcatx, like
SECURITY=YES/NO
which takes care of that for you.
as it seems in debian stable (with tomcat + examples + admin debian
packages installed):
- enabling the security manager: tomcat does not start
-- the logs are not clear to me
But maybe they would be clear to someone here.
What do they say ?
This is not a tomcat problem, but debian it seems to me.
Also note, if it is not clear : the "security manager" is not a specific Tomcat thing, it
is a Java JVM thing. It is the JVM which runs Tomcat which enforces some security
restrictions upon Java programs which run under it.
That includes Tomcat java code, and the java code of the applications which run
under Tomcat.
So i looked further,
and came across
http://www.jchains.org/
but it is quiet old (2009);
if correct:
- it basically runs the application without security manager and records
the permissions needed.
- then u use that recording as a policy for your security manager
- now run the application with security manager.
So my question is: are there recent alternatives to this,
or other good practices?
mvg,
Wim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
