Geoffrey Shuetrim wrote:
I am struggling with the security manager settings for Tomcat 4 running
on Sun Java 1.42 (on Debian testing) for Xindice databases that are
stored outside of the xindice webapp itself.
I have set the dbroot attribute in the xindice system.xml
to /var/xindice/db/
The db directory is owned by root but is read and write accessible to
all (thoughts on which user should own it and what access rights make
sense would be much appreciated too).
If I start tomcat4 with the security manager turned off, all goes well
and the xindice webapp runs fine.
If I start tomcat4 with the security manager running but with the
security policy configured with the following xindice specific
permission
grant codeBase "file:{catalina.home}/webapps/xindice/WEB-INF/-" {
    permission java.io.FilePermission "/var/xindice/db/*", "read,write,delete";
};
The exception probably happens because of a typo: '$' is missing above. I'm not sure
that the '-' syntax allows for sub-directories, so I'd try adding 'classes' to the
path. So the result will be:
grant codeBase "file:${catalina.home}/webapps/xindice/WEB-INF/classes/-" {
    permission java.io.FilePermission "/var/xindice/db/*", "read,write,delete";
};
Vadim
then I expect the xindice application to be able to read, write and
delete content in the /var/xindice/db.
Sadly, I get the following stack trace as the root cause of a problem:
java.security.AccessControlException: access denied (java.io.FilePermission /var/xindice/db read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
    at java.security.AccessController.checkPermission(AccessController.java:401)
    ...
Any thoughts on how to sort this out without turning off the security
manager?
Regards
Geoff Shuetrim
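
Added example, not part of the original thread or of the Xindice or Tomcat code: it uses java.io.FilePermission.implies() to show which targets each form of the granted path covers, including the directory target named in the AccessControlException above. The class name, the helper covers() and the two file names are constructed for illustration, and Unix-style path separators are assumed.

```java
import java.io.FilePermission;

public class FilePermissionScope {
    static final String ACTIONS = "read,write,delete";

    // True when a policy grant on grantedPath covers a "read" of target.
    // implies() is the same comparison the access controller performs
    // between a granted permission and the permission being checked.
    static boolean covers(String grantedPath, String target) {
        FilePermission granted = new FilePermission(grantedPath, ACTIONS);
        return granted.implies(new FilePermission(target, "read"));
    }

    public static void main(String[] args) {
        String[] grants = {
            "/var/xindice/db/*",  // path as written in the policy in the thread
            "/var/xindice/db/-",  // recursive form of the same grant
            "/var/xindice/db"     // the directory entry itself
        };
        String[] targets = {
            "/var/xindice/db",               // target from the stack trace
            "/var/xindice/db/file.tbl",      // constructed: file directly in dbroot
            "/var/xindice/db/coll/file.tbl"  // constructed: file in a sub-directory
        };
        for (String grant : grants) {
            for (String target : targets) {
                System.out.printf("%-20s -> %-32s %s%n",
                        grant, target, covers(grant, target) ? "allowed" : "denied");
            }
        }
    }
}
```

A path ending in "/*" covers only the entries directly inside the directory and one ending in "/-" covers them recursively; neither covers the directory entry itself, which needs its own permission line without a trailing wildcard.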