Hi all, I know this is a little bit out of topic, but the general concept is useful for everybody.
I run tomcat with security manager for a dozen users. Recently, people started to use the hibernate 2 which requires some funky permissions. I had to put these lines in the 'global' permission to make it work: grant { ... permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "defineCGLIBClassInJavaPackage"; ... } Note: I DID test using a codebase like: grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" { .... but the classes hibernate creates after reflection stop obeying the security manager. Are there any security risks on a security setup with those 3 lines for all classes in the JVM ? Thanks Renato. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]