Hallo, as i tested setup debian + tomcat7 following the documentation, i was refered to http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html for enabling the security manager, as it seems in debian stable (with tomcat + examples + admin debian packages installed): - enabling the security manager: tomcat does not start -- the logs are not clear to me This is not a tomcat problem, but debian it seems to me.
So i looked further, and came across http://www.jchains.org/ but it is quiet old (2009); if correct: - it basically runs the application without security manager and records the permissions needed. - then u use that recording as a policy for your security manager - now run the application with security manager. So my question is: are there recent alternatives to this, or other good practices? mvg, Wim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org