Hello all,
First of all, my setup:
* Tomcat 5.5.26 on a Debian GNU/Linux 5.0 system.
* java version "1.6.0_12"
I have deployed a webapp under
/usr/share/tomcat5.5/webapps/servlet.war
I have configured my Tomcat not to unpack .war files.
Within my servlet.war file, I have a
WEB-INF/lib/mysql-connector-java-5.1.7-bin.jar
file that I use to connect to a remote MySQL database.
If I'm turning off the security manager by setting
TOMCAT5_SECURITY=no
in /etc/init.d/tomcat5.5
then I can make the connection to the database. If i turn it on
however, I can't connect.
I know I can set permissions in the
/etc/tomcat5.5/policy.d/50user.policy
file, but I'm not sure about the syntax if I'm working with a .war file.
Suppose I write the following:
grant codeBase "file:/usr/share/tomcat5.5/webapps/servlet.war" {
permission java.net.SocketPermission "*.databasehost.be:3306",
"connect";
}
Then my two questions are:
* Is the grant codeBase line the correct way to specify permissions for
my servlet.war web application (deployed as a .war file, not unpacked)
* Will the above be enough to allow connections to the database server,
or do i have to specify extra lines for the
WEB-INF/lib/mysql-connector-java-5.1.7-bin.jar file that is within the
servlet.war file? Does every .jar file that is within servlet.war
inherit the permissions that i give to servlet.war?
Thanks,
Bart
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
