Christian,

On 4/24/13 11:25 PM, Christian Beikov wrote:
> Well I understand that there is only one SecurityManager per JVM,
> but as you mentioned I can restrict actions for specific CodeBases.
> This is what I am actually trying to do. I want the student web
> applications to have only a handful of permissions defined in a
> policy file.

I'm curious as to what permissions you want them to have while restricting others. Can you give some examples?

> I think I explained myself wrong earlier. The policy file I am
> speaking of, the one I want to apply to student projects, is more
> like a set of permissions that I want to give the web applications.
> I mainly want my testsuite and everything packaged with it to have
> all permissions. Generally the student projects should have no
> permissions. I want to give these applications only a minimal set
> of permissions, only the ones they actually would need to fulfil
> their tasks.

I understand what you are saying, but examples would certainly help.

> The WebappClassLoader supports the method
> addPermission(Permission) which is nice somehow, but I don't want
> to hard code the permissions but rather have them in a policy file
> or so.

I actually had no idea that WebappClassLoader had a set of "addPermission" methods. I'll have to read more about those.... they seem to give access to the parent classes (URLClassLoader, SecureClassLoader)'s permissions lists. Cool if it works. I honestly had no idea that some ClassLoaders maintain their own permissions lists.

> The reason for having the permissions in a policy file is mainly
> because I thought I can configure something in context.xml so that
> the policy file gets picked up by Tomcat.

If you want this, then you'll have to do a couple of things:

1. Make sure the context.xml always has the stuff you want (and isn't under control of the student, for instance -- otherwise they can just give themselves whatever permissions they want)
2. Create a ServletContextListener that runs on startup
3. Your listener needs to parse your policy and apply it to the WebappClassLoader. I wouldn't be surprised if the webapp itself is not permitted to add permissions to the WebappClassLoader. You might have to put your ServletContextListener higher-up in the ClassLoader hierarchy in order to be allowed to call that method.
4. Figure out how to parse a policy file.

Note that #4 just means /your/ policy file. It doesn't have to be a classic "Java Policy File". You could have a simple policy file like this:

    java.io.File.read=/path/to/some/data
    java.io.File.write=/dev/null

Then you can parse it any way you like. Use XML if it's more convenient.

> I just don't want to have these applications running on my computer
> not knowing what they actually do. To be honest I couldn't think of
> any permission I would give a student application. The libraries
> that can be used are predefined, so I give these jar files the
> permissions for reflection or whatever they need to work properly.

If you don't know what permissions they would need, maybe you should wait until you actually need to give those permissions before you spend a lot of time building infrastructure to support granting them.

> Am I simplifying the whole thing and is what I want much harder to
> achieve than I think?

If it were me, I'd look at a particular project and imagine any privileges you'd need to give to a webapp in order for it to function. For instance, if you have a webapp that is just a "Hello World" then you don't need any permissions. If you need to access a database, then you'll need to give them access to that, too. If everyone needs access to the same database, maybe just make it a top-level permission that all code can access localhost:1234 or whatever in order to contact the database. I think you'll find that lots of what you want can be configured at the global level without worrying too much about assigning permissions to individual webapps.
Instead, all webapps will likely need the same permissions (e.g. reflection) and you can simply give *all* code in the JVM permissions to do that. Then you have much less code to write.

-chris
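
An added example, not part of the original message: one way the listener from steps 2 to 4 could parse the simple key=value policy shown in the message and pass each entry to WebappClassLoader.addPermission(Permission). The class name PolicyListener and the system property student.policy.file are hypothetical; the code assumes Tomcat 7 and that the listener class is installed in Tomcat's own lib directory rather than inside the student webapp.

```java
import java.io.FilePermission;
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.catalina.loader.WebappClassLoader;

// Hypothetical listener name; register it where students cannot remove it.
public class PolicyListener implements ServletContextListener {
    private static final String PREFIX = "java.io.File.";

    // Turns "java.io.File.read=/path" entries into FilePermission objects.
    // Any key or action outside the allow-list aborts startup (fail closed).
    static List<Permission> parse(Reader in) throws IOException {
        Properties props = new Properties();
        props.load(in);
        List<Permission> perms = new ArrayList<>();
        for (String key : props.stringPropertyNames()) {
            String action = key.startsWith(PREFIX) ? key.substring(PREFIX.length()) : "";
            if (!action.equals("read") && !action.equals("write")) {
                throw new IllegalArgumentException("unsupported policy key: " + key);
            }
            perms.add(new FilePermission(props.getProperty(key), action));
        }
        return perms;
    }

    public void contextInitialized(ServletContextEvent sce) {
        // Hypothetical property, set in the JVM options by the instructor so
        // the policy file lives outside anything a student webapp can edit.
        String path = System.getProperty("student.policy.file");
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (path == null || !(cl instanceof WebappClassLoader)) {
            throw new IllegalStateException("policy not applied");
        }
        try (Reader in = Files.newBufferedReader(Paths.get(path), StandardCharsets.UTF_8)) {
            for (Permission p : parse(in)) {
                ((WebappClassLoader) cl).addPermission(p);
            }
        } catch (IOException e) {
            throw new IllegalStateException("cannot read policy " + path, e);
        }
    }
    public void contextDestroyed(ServletContextEvent sce) { }
}
```

Because the file is read with java.util.Properties, a repeated key keeps only its last value, so this format carries one path per action.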