Hi, We are having trouble using security policies (catalina.policy) to grant access to a codebase that has multiple jar files.
I am able to get folder-based codebases to work correctly, e.g.:

    grant "file://d:/webapps/-"

This successfully grants access to all the permissions I set, which works fine for Servlets and JSP files, but JAR files in the WEB-INF/lib folder cannot access the permissions.

Using a jar:file URL works. For example:

    jar:file:/D:/webapps/ROOT/WEB-INF/lib/myjar.jar!/

However:

    jar:file:/D:/webapps/-

... fails, being an invalid JAR URL as it doesn't end in "!/".

While this works as a file-by-file workaround, it means we have to set the permissions for every jar file, in every context of the webapps folder, in order to enforce the security policy effectively. As we host different customers uploading different applications, and different contexts, this makes the security policies unusable for JAR files.

Is there a way to specify these as a wildcard URL like the server libraries do? e.g.:

    grant codeBase "file:${catalina.home}/lib/-" {
        permission java.security.AllPermission;
    };

Any suggestions?

FURTHER NOTES - For Tomcat Developers
=======================================

I have investigated this further with policy dumps of the security logs, and have noticed Tomcat creates CodeSource objects using the "jar:file:/jar-path.jar!/" URL format when deploying jar files from the webapps folder. When deploying the system jar files however, it seems to use the "file:/jar-file.jar" format, which allows the master permissions (catalina.home/lib/-) to work as wildcards.

Thanks in advance,
Neale Rudd
metawerx
http://www.metawerx.net
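The matching behaviour described in the post can be reproduced outside Tomcat with java.security.CodeSource.implies(), the check the policy uses to decide whether a grant's codeBase covers a class's code source. This is an added example, not code from the original post or from Tomcat; the class name CodeBaseMatch is hypothetical, the candidate URLs are constructed from the paths in the post, and the wildcard is written in the single-slash file:/D:/ form used by the post's jar URLs.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Build an unsigned CodeSource for a location URL (no certificates).
    static CodeSource cs(String url) throws MalformedURLException {
        return new CodeSource(new URL(url), (Certificate[]) null);
    }

    public static void main(String[] args) throws Exception {
        // Recursive wildcard codeBase, as in the post's folder-based grant.
        CodeSource grant = cs("file:/D:/webapps/-");

        // Constructed candidates: a classes directory, the same jar
        // addressed as a plain file: URL, and as a jar:file: URL.
        String[] candidates = {
            "file:/D:/webapps/ROOT/WEB-INF/classes/",
            "file:/D:/webapps/ROOT/WEB-INF/lib/myjar.jar",
            "jar:file:/D:/webapps/ROOT/WEB-INF/lib/myjar.jar!/",
        };
        for (String c : candidates) {
            // implies() compares protocols before paths, so a file:
            // wildcard cannot cover a location whose protocol is jar:.
            System.out.printf("%-52s implied=%b%n", c, grant.implies(cs(c)));
        }

        // A jar: URL without "!/" is rejected when the URL is parsed,
        // so a jar: wildcard never reaches the matching step.
        try {
            cs("jar:file:/D:/webapps/-");
        } catch (MalformedURLException e) {
            System.out.println("jar:file:/D:/webapps/- rejected: " + e.getMessage());
        }
    }
}
```

When auditing a policy for multi-tenant hosting, the same check shows which code sources a broad grant actually covers before it is deployed.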