Re: Security Policy while running as a windows service
Start the tomcat5w.exe and open the configure options. Open the java tab and add your jvm parameters. -Djava.security.SecurityManager -Djava.security.policy==full path to your tomcat/conf/catalina.policy Two == signs is right to overide the complete policy :-) Peter Asim Alp schrieb: Hello everyone, I'm running my Tomcat 5.5.4 as a Windows Service. Is there a way to put the -security option to the GUI application? I'm trying to get my service to start with the catalina.policy file for extra security. Thanks, Asim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Security Policy while running as a windows service
Hello everyone, I'm running my Tomcat 5.5.4 as a Windows Service. Is there a way to put the -security option to the GUI application? I'm trying to get my service to start with the catalina.policy file for extra security. Thanks, Asim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
q: reload security policy without Tomcat restart?
I want to be able to make changes to my catalina.policy and to apply those changes without restarting Tomcat. Is this possible, and how would I go about it? TIA!
RE: reload security policy without Tomcat restart?
Hi, I want to be able to make changes to my catalina.policy and to apply those changes without restarting Tomcat. Is this possible, and how would I go about it? This is not a tomcat issue, but rather a general java one. The SecurityManager reads the policy file once, upon its construction. So you can't reset it or anything. However, you can construct a new one and call System.setSecurityManager with your new one. So the overall answer to your question is yes, but you need to write a bit of code, e.g. a servlet, to do it. The above is only AFAIK, I haven't played around with this in a very long time (a couple of major java releases), so it could be wrong, out of date, or both ;) Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security Policy
Kwok Peng Tuck wrote: Hi list , With regards to the security manager in tomcat, is it possible to ship a policy file with each webapp ? No it is not. You have to put those permission in catalina.policy. -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Security Policy
Hi list , With regards to the security manager in tomcat, is it possible to ship a policy file with each webapp ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Security policy files
Hi, I know that when Tomcat starts it uses the catalina.policy file. Does anyone know if it is possible to set a security policy file for individual WebApps? Thanks Jim. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email you must not copy, distribute or take any further action in reliance on it and you should delete it and notify the sender immediately. Email is not a secure method of communication and Nomura International plc cannot accept responsibility for the accuracy or completeness of this message or any attachment(s). Please examine this email for virus infection, for which Nomura International plc accepts no responsibility. If verification of this email is sought then please request a hard copy. Unless otherwise stated any views or opinions presented are solely those of the author and do not represent those of Nomura International plc. This email is intended for informational purposes only and is not a solicitation or offer to buy or sell securities or related financial instruments. Nomura International plc is regulated by the Financial Services Authority and is a member of the London Stock Exchange. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Security Policy problem - need to specify ALL jar files with a codebase wildcard
Hi,
We are having trouble using security policies (catalina.policy) to
grant access to a codebase that has multiple jar files.
I am able to get folder-based codebases to work correctly:
eg: grant file://d:/webapps/-
This successfully grants access to all the permissions I
set, which works fine for Servlets and JSP files, but JAR
files in the WEB-INF/lib folder cannot access the
permissions.
Using a jar:file URL works:
For example: jar:file:/D:/webapps/ROOT/WEB-INF/lib/myjar.jar!/
However: jar:file:/D:/webapps/-
... fails being an invalid JAR URL as it doesn't end in !/
While this works on a file-by-file workaround, it means we have
to set the permissions for every jar file, in every context of the
webapps folder in order to enforce the security policy effectively.
As we host different customers uploading different applications,
and different contexts, this makes the security policies unusable
for JAR files.
Is there a way to specify these as a wildcard URL
like the server libraries do?
eg:
grant codeBase file:${catalina.home}/lib/- {
permission java.security.AllPermission;
};
Any suggestions?
FURTHER NOTES - For Tomcat Developers
===
I have investigated this further with policy dumps of the security
logs, and jave noticed Tomcat creates CodeSource objects
using the jar:file:/jar-path.jar!/ url format when deploying jar
files
from the webapps folder. When deploying the system jar files
however, it seems to use the file:/jar-file.jar format, which allows
the master permissions (catalina.home/lib/-) to work as wildcards.
Thanks in advance,
Neale Rudd
metawerx
http://www.metawerx.net
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
ODP: Security Policy problem
i think applets are only allowed to connect back to the server they originate from. this might be the problem, or better, consult JDBC faq from www.jguru.com vVolf -Oryginalna wiadomooe- Od: Sunny SJ [mailto:[EMAIL PROTECTED]] Wysano: 21 marca 2001 04:19 Do: [EMAIL PROTECTED] Temat: Security Policy problem I am creating a Java Applet (running on Internet Explorer web browser) that can access a database located in a remote machine (server). The connection to the remote database is established using JDBC-ODBC bridge. However, I encounter java security problem that restricted me to access the database across the network. Is there anyway I can overcome this problem? Thanks for your help SSJ Get free email and a permanent address at http://www.netaddress.com/?N=1
Security Policy problem
I am creating a Java Applet (running on Internet Explorer web browser) that can access a database located in a remote machine (server). The connection to the remote database is established using JDBC-ODBC bridge. However, I encounter java security problem that restricted me to access the database across the network. Is there anyway I can overcome this problem? Thanks for your help SSJ Get free email and a permanent address at http://www.netaddress.com/?N=1
