I have a question about security policies.
I have a jar file that I'm putting in my WEB-INF/lib directory. The jar
is signed with a certificate. I've inspected the jar file using
jarsigner and it is signed. There is a policy entry that basically says
if a jar is signed with that key, grant all permissions.
When I call a method that opens a file, I'm getting access control
exception.
Another jar, signed with the same certificate does work.
The one huge difference is that the working example is a servlet inside
the signed jar.
The non-working example is a JSP that's in the application's top-level
directory. IOW JSP -> calls instance method of class in signed jar.
I expected that by having the JSP call into a signed jar, I would be
able to open the file under the security manager. Is that wrong?
--
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com
