Hi! I want to use JAAS for authorization in a web-application that runs under Tomcat4.1. I don't want to put my policy file neither in java_home/jre/security neither in user.home directories (because I think it's not correct). So I am forced to create my own implementation of java.security.Policy, that parses my policy file. But java.security.Policy is core class and it is loaded by Primordial Class Loader. And if I replace default Policy by own implementation than all web applications will get my implementation of Policy when they invoke Policy.getPolicy(). Am I right? How can I populate my policy permissions in web environment?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]