Hi,
I've re-factored Catalina.java and CatalinaService.java and merge the
security code into a single class: o.a.c.security.SecurityConfig. This
class will manage all the package access/definition security properties.
Actually, the list of package access/definition are harcoded in that
class. I would like to propose we move this package list into a
Tomcat.security file following the J2SE format (see below). This way if
people needs accesses to a package, they will have the opportunity to do
it with having to recompile Catalina.
Righ now, some Watchdog tests are failling because they need accesses to
o.a.t.util, and yesterday, we have started protecting this package.
What do you think? I know, that's another config file (I don't like
having another file). I don't see where we could place that information.
Thanks,
-- Jeanfrancois
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
#package.definition=
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
