Howdy,
I want to use JAAS for authorization in a web-application that runs
under
Tomcat4.1.
I don't want to put my policy file neither in java_home/jre/security
neither
in user.home directories (because I think it's not correct).
Unfortunately, I'm hearing other people with the same (valid) complaints
as you.
to create my own implementation of java.security.Policy, that parses my
True. As the JavaDoc for java.security.Policy suggests, it was always
intended for people to write custom Policy implementations for these
needs.
But java.security.Policy is core class and it is loaded by Primordial
Class
Loader.
True.
And if I replace default Policy by own implementation than all web
applications will get my implementation of Policy when they invoke
Policy.getPolicy().
Am I right?
You're right.
How can I populate my policy permissions in web environment?
Stick the policy file in $JAVA_HOME/jre/security is the easiest option.
One alternative is to find a container, if there is any, that supports
per-webapp policy files. I'm not personally aware of any such
container.
Another alternative is as you say, to write your own policy
implementation, run just your webapp on the server that uses this
implementation, and stick your implementation high up in the classloader
hierarchy.
Yoav Shapira
Millennium ChemInformatics
This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged. This
e-mail is intended only for the individual(s) to whom it is addressed, and may not be
saved, copied, printed, disclosed or used by anyone else. If you are not the(an)
intended recipient, please immediately delete this e-mail from your computer system
and notify the sender. Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]