-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 10/10/12 10:05 AM, André Warnier wrote: > Christopher Schultz wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Mouradk, >> >> On 10/10/12 7:49 AM, Mouradk wrote: >>> I am running a servlet that reads and writes to an remote >>> instance of = Hbase/Hadoop on ec2. When the security manager is >>> off, all is fine. But = when the manager is on, write and read >>> operations fail. >>> >>> I have the following permissions on my 04webapps.policy file: >> >> 04webapps.policy isn't a file I recognize as one that Tomcat >> reads. Is this something that your local installation supports in >> some way? > > Info: this looks very much like what the Linux Debian Tomcat > package is doing : splitting up "catalina.policy" into chunks > stored in /etc/tomcat/policy.d/*, which are then re-combined into > "catalina.policy" by the package's Tomcat startup script just > before launching the JVM. > > Practically speaking, it is not a bad idea. catalina.policy as one > big chunk is not very easy to read or edit. Nor is it easy to keep up-to-date when Tomcat ships with a new version of the policy file. This happens even with point-releases so it's not like just syncing everything up when you do a major-version upgrade and have to re-write server.xml essentially from scratch. In general, I would advocate for splitting Tomcat's policy up into several files, but that significantly complicates deployment across multiple OSs and styles of launching Tomcat. With shell scripts (which is how *NIX services all launch), it's easy. On Windows, it's not quite so easy and would probably lead to confusion. So, if Debian/Ubuntu wants to split the policy file for their package-manager version I think it makes sense, but it would just add complexity at the stock-Tomcat level... and configuring Tomcat is already pushing the complexity limit for a lot of its users. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlB1hMgACgkQ9CaO5/Lv0PC9/wCePhrwuTxM9HZuSllgsx4RM2uh zqAAoIJaaAZQ6H4W1J0TDzqwJ4/0Xa+R =LnnP -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
