I will try a wild-card permission and see what happens.
Rainer Jung wrote:
George Sexton schrieb:
Rainer Jung wrote:
I have 250+ virtual hosts per tomcat instance. It seems like a lot of
overhead that I'm not interested in.
How would I add the correct configuration to catalina.policy for 250
virtual hosts/contexts into catalina.policy?
It seems to me that I would have to either make many entries or make one
generic entry that over-assigns permissions.
Complicating matters, using the host manager, I deploy new virtual
hosts/contexts on the fly while the servlet engine is running. Is there
a mechanism for dynamically updating catalina.policy?
How about adding something like
permission java.io.FilePermission
"${catalina.base}${file.separator}webapps/-", "read";
to the block starting with
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar"
The security manager should mainly protect you somehow against malicious
webapp code. So giving those permissions to tomcat-juli doesn't seem to
be to big a problem. You can even narrow that down to giving it only to
the class org.apache.juli.ClassLoaderLogManager.
I don't know how the file system layout of the webapps for all your
vhosts looks like, but wouldn't something like this be a good compromise
for 5.5.27?
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL: http://www.mhsoftware.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
