> Remy Maucherat wrote: > > > > > Due to recent questions about the SecurityManager implementation in > > > Tomcat 4 I decided to post my proposal for overhauling how security > > > policies are managed in Tomcat 4. This is something I have wanted > > > to do for a while but has been sitting on the back burner as I have > > > been very busy with other work (non open source) related projects.. > > > > Yes, I think it looks good, and full of useful features. > > Thanks. > > > The only thing is that IMO it should be integrated in the server.xml file > > and its child files. I don't see any reason to keep that in separate config > > files. > > server.xml child files ??
Like the ones used for the admin and manager webapps (webapps/admin.xml and webapps/manager.xml). It's just as if that XML fragment was inserted in the server.xml file. > > I think I could implement it if I have some time, which is a possibility > > after I finish Coyote. > > Whats the timeline on that? Whenever I stop trying to fix bugs for one whole week. Of course, it's less a priority now that (unexpectedly) JK is out there and fully supported. I still have some design decisions to make for the Catalina wrapper (the HTTP stack itself looks good enough already). > I originally wrote that proposal Jan 3, but was sitting on it > because I was very busy with other projects. I have some time now to > work on it. I'll see if I can flush out the design some more. No problem then, I was just suggesting that if you didn't have time. > BTW, I have been testing Tomcat 4.1-dev built from CVS using java 1.4 with > -security. Tomcat runs fine with the default catalina.policy, but fails > when I use a more restrictive policy. I think the problem is in Java 1.4, > I have filed a bug report on this. So for now, I am back to using java 1.3.1. I was very unhappy about 1.4 b3, which had lots of classloading issues. Thankfully, the RC and the final have been much better, but I'm not surprised there are still issues remaining in some more advanced use cases. What's the bugtraq number for your report ? Remy -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
