Chris Hostetter wrote:
> : log. I have not been able to find much in the way of a howto for
> : SecurityManager, and am pretty much groping in the dark at this point.
>
> I found this...
> http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
> ...but I'm afraid I don't have much concrete advice to offer you, i've
> never run any servlet container with a security manager, mainly because
> i've never run a WAR i didn't trust completely...
>
> to start with, it looks like you're going to want to enable JndiPermission
> (since that's how you are setting the solr home) and you should enable
> read FilePermission for the entire solr home dir, and write FilePermission
> for the data dir. if you wnat to use snapshooting/snappulling you'll also
> need to RuntimePermission. i think that's probably it ... but according
> to that doc, the best way to figure out what permissions you need to turn
> on if something isn't working, is with the -Djava.security.debug=all
> option.
>
> if you have any luck with this, then by all means please update the
> SOlrTomcat wiki with what you find.
>
>
> -Hoss
>
>
Hoss, thanks for the Saturday night reply. Open Source does indeed rule.
I've gotten as far as making Solr completely trusted, which I think will
be sufficient for my own purposes, since only people with root access
can touch the Solr directories. Here's the command I added to
catalina.policy:
grant codeBase "file:${catalina.home}/webapps/solr/-" {
permission java.security.AllPermission;
};
-- Wade Leftwich
Ithaca, NY
