Dude,

On 11/24/12 8:17 PM, Baron Von Awsm wrote:
> We have a requirement that can be stated as follows,
> 
> * The web app needs to be able to read from and write to a
> directory that is external to the webapp's own docBase and
> directory structure.
> 
> * The write access needs to be unrestricted in that the web app
> will need to create, modify and delete files and directories within
> the directory (but not be able to delete the directory itself).

Your webapp can read from and write to any directory it can a)
reference and b) access via permissions. Tomcat does not directly
support or prohibit any of this. If you are using a SecurityManager
and Tomcat's catalina.policy file, then you obviously have to
modify it accordingly.

> * The directory needs to be a member of the webapp's classpath.

This may be somewhat problematic. I would also argue that this is a
pretty large security hole, but that's for you to worry about. You can
specify the class loader used for your webapp (which you could write
yourself), and you can use virtual class loaders (provided by Tomcat),
etc. via configuration. Read the documentation for the <Loader>
component in the "configuration" section of the Tomcat users' guide.

> * The directory contents must not be accessible via any url that
> can be directed at the webapp.

No problem: just don't configure the DefaultServlet to give access to
this directory. Given the number of questions on this list about how
to configure the DS in this way, I suspect that *not* configuring DS
in this way isn't a problem.

> We're developing on Windows 7. In the development environment,
> we're simply placing the path to the external directory in the
> webapp's classpath in the web app's Tomcat context file.

Using <Parameter> or <Environment> or something similar? That seems
reasonable.

> We're running Tomcat without the -security option and all works
> well. With the -security option, as expected, the webapp no longer
> has the permissions needed to read and write against the external
> directory with File operations.
> 
> What do we need to do to configure Tomcat (running with the
> -security option) to allow us the access we're after to the
> external directory?

catalina.policy

You can't configure class loading via catalina.policy -- that needs to
be done using <Context>/<Loader>.

-chris
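
An added example, not part of the original message: a catalina.policy grant matching the requirement quoted above (full access to the directory's contents, no ability to delete the directory itself). The webapp name "myapp" and the external path are constructed placeholders.

```conf
// catalina.policy fragment. "myapp" and C:\data\myapp-ext are
// constructed placeholders, not values from the thread.

// Scope the grant to the webapp's own code base rather than using a
// global "grant { ... }" block, which would apply to every webapp.
grant codeBase "file:${catalina.base}/webapps/myapp/-" {

    // The directory itself: read only, so the webapp can list it.
    // No "delete" action here, so the directory cannot be removed.
    permission java.io.FilePermission
        "C:${/}data${/}myapp-ext", "read";

    // "/-" matches every file and subdirectory below the directory,
    // recursively, but not the directory itself.
    permission java.io.FilePermission
        "C:${/}data${/}myapp-ext${/}-", "read,write,delete";

    // Weak alternative to avoid: it opens the whole filesystem.
    // permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
```

`${/}` expands to the platform file separator, which avoids escaping backslashes in Windows paths. As the reply says, this covers File operations only; putting the directory on the classpath still has to be done through `<Context>`/`<Loader>`.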
