Posted to dev@tomcat.apache.org by Glenn Nielsen <gl...@voyager.apg.more.net> on 2002/02/26 04:03:07 UTC

Re: DO NOT REPLY [Bug 6660] - Catalina with SecurityManager is possibly broken.

Remy Maucherat wrote:
> 
> > Remy Maucherat wrote:
> > >
> > > > If you can point me out where in Catalina code I could take a look, I'll
> > > > appreciate.
> > > > Also if you need a beta-tester for your application, you count on me.
> > >
> > > No need to submit a patch; it is quite easy to set simpler URLs for the
> > > CodeSource location, but apparently Glenn likes the possibility to set
> > > per-class permissions (a feature I introduced by accident when coding the
> > > WCL).
> > >
> >
> > I was just commenting on how it currently works.  I really don't see a need
> > to fine tune security down to the individual class in a jar.
> 
> Ok.
> 
> > If the WebappClassLoader were changed so that policies granted as follows
> > worked I would be happy.  Of course the code base for the web application
> > context and jar files would still be different due to how the WebappClassLoader
> > works.
> 
> No, why? I can create whatever I want for the SourceCode location. I would
> have to add a new field to the ResourceEntry class, though (which doesn't
> seem to be a big problem).
> 
> I was already considering changing it (as I wanted to be 100% compatible
> with the URLClassLoader), but I didn't see any bug reason to do so.
> 
> > grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/some.jar" {
> >   // Some permissions for this jar
> > };
> >
> > grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/-" {
> >   // Some permissions for this jar
> > };
> 
> No, after the fix, it would be the same as for the URLClassLoader:
> 
> grant codeBase="file:{path-to-webapp}/WEB-INF/lib/some.jar" {
>   // Some permissions for this jar
> };
> 
> grant codeBase="file:{path-to-webapp}/WEB-INF/lib/-" {
>   // Some permissions for the jars
> };
> 

I would prefer it if the difference in codeBase were left in
WebappClassLoader.  Here is the reason.  The root context is the
codeBase for JSP pages.  The JSP pages require all permissions that
any underlying jars need.  Yet you may not want to grant all of the
jar files all the permissions a JSP page has.  If the web app root
and the jars have the same codeBase there is no way to fine tune
your security policies.

Of course this will be moot when my SecurityManager proposal is
implemented.

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------
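
The codeBase matching discussed in this thread, as an added example that is not part of the original messages or of Tomcat's code: it uses `java.security.CodeSource.implies` to show that a recursive `file:` grant on the web app root also covers a jar whose location is a `file:` URL, but not code whose location is a `jar:` URL. The sample path, the class name, the `/-` root grant and the `!/` form of the `jar:` URLs are assumptions made for the illustration.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Constructed sample path standing in for {path-to-webapp}.
    static final String WEBAPP = "/opt/tomcat/webapps/example";

    // Build an unsigned CodeSource for a location URL.
    static CodeSource cs(String url) throws Exception {
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    // A grant entry applies to loaded code when grant.implies(code) is true.
    static void check(String label, CodeSource grant, CodeSource code) {
        System.out.printf("%-34s %s%n", label, grant.implies(code));
    }

    public static void main(String[] args) throws Exception {
        String jar = WEBAPP + "/WEB-INF/lib/some.jar";

        // codeBase values as they would be written in grant entries (assumed forms).
        CodeSource rootGrant = cs("file:" + WEBAPP + "/-");   // web app root, recursive
        CodeSource jarGrant  = cs("jar:file:" + jar + "!/-"); // everything inside some.jar

        // Locations a class loader could attach to a class from some.jar.
        CodeSource asFile = cs("file:" + jar);                               // URLClassLoader style
        CodeSource asJar  = cs("jar:file:" + jar + "!/com/example/A.class"); // per-class jar: style

        check("root grant -> file: jar location", rootGrant, asFile);
        check("root grant -> jar: class location", rootGrant, asJar);
        check("jar grant  -> jar: class location", jarGrant, asJar);
        check("jar grant  -> file: jar location", jarGrant, asFile);
    }
}
```

`implies` compares the URL protocol before it looks at the path, which is why the two schemes never match each other.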



Re: DO NOT REPLY [Bug 6660] - Catalina with SecurityManager is possibly broken.

Posted by Remy Maucherat <re...@apache.org>.
> Remy Maucherat wrote:
> >
> > > grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/some.jar" {
> > >   // Some permissions for this jar
> > > };
> > >
> > > grant codeBase="jar:file:{path-to-webapp}/WEB-INF/lib/-" {
> > >   // Some permissions for this jar
> > > };
> >
> > No, after the fix, it would be the same as for the URLClassLoader:
> >
> > grant codeBase="file:{path-to-webapp}/WEB-INF/lib/some.jar" {
> >   // Some permissions for this jar
> > };
> >
> > grant codeBase="file:{path-to-webapp}/WEB-INF/lib/-" {
> >   // Some permissions for the jars
> > };
> >
>
> I would prefer it if the difference in codeBase were left in
> WebappClassLoader.

I'm quite sure the StandardClassLoader which was used before was generating
the second type of source location URLs
(file:{path-to-webapp}/WEB-INF/lib/some.jar).

> Here is the reason.  The root context is the
> codeBase for JSP pages.  The JSP pages require all permissions that
> any underlying jars need.  Yet you may not want to grant all of the
> jar files all the permissions a JSP page has.  If the web app root
> and the jars have the same codeBase there is no way to fine tune
> your security policies.

By "The root context is the codeBase for JSP pages", do you mean that the
source code URL is "file:{path-to-webapp}/"?

> Of course this will be moot when my SecurityManager proposal is
> implemented.

Remy

