Security policies for servlets

[Jochen Sauter <jo...@hotmail.com>]

Hi,

I've been trying to specify a security policy file for
servlets but have not been successful. For a usual
Java application I would specify it with something
like:
    java -Djava.security.policy=/etc/policy.all MyApp
Where do I define such a file in Tomcat? In the configuration
file of the tomcat server? Or do I need a separate
conf file for each servlet?

Thanks,
Jochen


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Re: Security policies for servlets

[Costin Manolache <Co...@eng.sun.com>]

Jochen Sauter wrote:

> Hi,
>
> I've been trying to specify a security policy file for
> servlets but have not been successful. For a usual
> Java application I would specify it with something
> like:
>     java -Djava.security.policy=/etc/policy.all MyApp
> Where do I define such a file in Tomcat? In the configuration
> file of the tomcat server? Or do I need a separate
> conf file for each servlet?

There are some problems with security policy, I don't think
we can get them to work for tomcat 3.1.

I'll check in some fixes after we have a stable release, it seems
the biggest problem is that AdaptiveClassLoader doesn't support
CodeSource.

You may be able to get everything working if you  use a custom start
code with no ClassLoader,  and include everything in CLASSPATH.

Security is very important, and I plan to fix the code to support
policy.  If you already have a fix please send it to the list, but I'm
not
sure if we can get it into 31 ( we need  JDK1.1 compatibility ).


Costin

Re: Build broken?? Sanity check please...

[Arun Jamwal <Ar...@eng.sun.com>]

I had no problem compiling ANT on WinNT4.0 using the
latest version of Jakarta-ant.

Just make sure that JAVA_HOME is set right.

---------------------------------------------------------
E:\WATCHDOG\jakarta-ant>java -version
java version "1.2.2"
Classic VM (build JDK-1.2.2-001, native threads, symcjit)

E:\WATCHDOG\jakarta-ant>ver

Windows NT Version 4.0

E:\WATCHDOG\jakarta-ant>set JAVA_HOME=d:\jdk1.2.2

E:\WATCHDOG\jakarta-ant>bootstrap

... Bootstrapping Ant Distribution
JAVA_HOME=d:\jdk1.2.2
JAVA=d:\jdk1.2.2\bin\java
JAVAC=d:\jdk1.2.2\bin\javac
CLASSPATH=src\main;classes;lib\xml.jar;d:\jdk1.2.2\lib\tools.jar

... Compiling Ant Classes

... Copying Required Files
src\main\org\apache\tools\ant\taskdefs\defaults.properties
        1 file(s) copied.
src\main\org\apache\tools\ant\parser.properties
        1 file(s) copied.

... Building Ant Distribution
Buildfile: build.xml
Project base dir set to: E:\Watchdog\jakarta-ant
Executing Target: init
Executing Target: prepare
Created dir: E:\Watchdog\jakarta-ant\build
Executing Target: compile
Created dir: E:\Watchdog\jakarta-ant\build\classes
Compiling 52 source files to E:\Watchdog\jakarta-ant\build\classes
Copying 3 support files to E:\Watchdog\jakarta-ant\build\classes
Executing Target: jar
Building jar: E:\Watchdog\jakarta-ant\lib\ant.jar
Executing Target: main
Completed in 15 seconds

... Cleaning Up Build Directories
Buildfile: build.xml
Project base dir set to: E:\Watchdog\jakarta-ant
Executing Target: init
Executing Target: clean
Deleting: E:\Watchdog\jakarta-ant\build
Deleting: E:\Watchdog\jakarta-ant\dist
Completed in 1 seconds

... Done Bootstrapping Ant Distribution
E:\WATCHDOG\jakarta-ant>


"Preston L. Bannister" wrote:

> A couple months back (when I had time to spend on Jakarta :)
> I set up a nightly CVS update & build script - but that broke
> several weeks back.  Last week I pulled out a new current clean
> version (no local modifications) from the CVS server.
>
> At first bootstrap.bat on Win32 didn't work (?) so I fixed
> the script and built and ran Jakarta.  No problem.
>
> Today I checked out a current version of Jakarta on my Linux
> box, build ANT (no problem) and tried to build Tomcat.
>
> After about an hour (?) I gave up, and killed the dozen or so
> running Java interpreters (??).
>
> What??!?
>
> The Win32 and Linux machines are very similar:
>  - IBM JDK 1.1.8
>  - 300Mhz CPU/256MB RAM
> so I expected the Linux build to take time comparable to Win32.
>
> I can't be the only guy trying to do clean re-builds of ANT
> and Tomcat on Win32 and Linux.... am I missing something?
>
> --
> Preston L. Bannister
> preston@home.com
> http://members.home.com/preston
> pbannister via Yahoo! Messenger
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Re: Build broken?? Sanity check please...

[Costin Manolache <Co...@eng.sun.com>]

> I can't be the only guy trying to do clean re-builds of ANT
> and Tomcat on Win32 and Linux.... am I missing something?

I do clean re-builds of tomcat, but I use an old ANT to build.
( I agree, it's very hard to do builds when both the program and the
build tool are changing )


Costin

Build broken?? Sanity check please...

["Preston L. Bannister" <pr...@home.com>]

A couple months back (when I had time to spend on Jakarta :)
I set up a nightly CVS update & build script - but that broke 
several weeks back.  Last week I pulled out a new current clean
version (no local modifications) from the CVS server.

At first bootstrap.bat on Win32 didn't work (?) so I fixed 
the script and built and ran Jakarta.  No problem.

Today I checked out a current version of Jakarta on my Linux
box, build ANT (no problem) and tried to build Tomcat.  

After about an hour (?) I gave up, and killed the dozen or so 
running Java interpreters (??).

What??!?

The Win32 and Linux machines are very similar:
 - IBM JDK 1.1.8
 - 300Mhz CPU/256MB RAM
so I expected the Linux build to take time comparable to Win32.

I can't be the only guy trying to do clean re-builds of ANT
and Tomcat on Win32 and Linux.... am I missing something?

--
Preston L. Bannister
preston@home.com
http://members.home.com/preston
pbannister via Yahoo! Messenger