-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

I'm working on getting my application working under a SecurityManager.
It's actually been a little less painful than I thought it would be.

I'm using Solr for some index searching. I'm using SolrJ for the
library to communicate via HTTP to a localhost Solr server. When using
this grant:

grant {
  permission "java.util.PropertyPermission"
"solr.httpclient.builder.factory", "read";
  permission "java.net.SocketPermission", "localhost:8983",
"resolve,connect";
}

My application can can contact Solr without any errors.

If I change the "grant" to include a codeBase to restrict those
connections to the Solr library, I get a AccessControlException:
access denied to the system property. Here is the modified grant:


grant codeBase
"file:${catalina.base}${file.separator}webapps${file.separator}myapp${fi
le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
1.jar"
{
  permission "java.util.PropertyPermission"
"solr.httpclient.builder.factory", "read";
  permission "java.net.SocketPermission" "localhost:8983",
"resolve,connect";
};

I have verified that the file exists under the path specified above. I
tried both ${file.separator} and '/' as the file separator. I also
tried "jar:/path/to/jar!/-" as the codeBase. No luck.

These grants are added to the end of the stock catalina.policy file
that ships with Tomcat.

What am I missing, here?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq0IpkdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFj/og//dsN0nnYfal37ceL5
pEtIUtOGq87vwHRRMvTuWwxGmm5DqqfC+ZC07IWnJJt5Ap9ir8mYRiYluoCvx0yx
LdmUVEesygbhOmyLm6EX3deJ7ozaO5MkFcDx0084y/dHfx+L3mg2n/ysG/qnqoxS
69RvbQNh7ByRsDOnhlSXLc0ZSSB6L9GtE9UpgGdCdyvyBXKS5X3/XOvygJ13lHZH
lZH1/iXEUzatZtR7wSySfVdEXSx2JjSagClPmYVi4Lj4Fi9qugbwnpakT8Sr3mJx
A/lK/KLPA3NqH/T91fzZBzlmLXqZ6L5GFz2P9iOaQ+1QfcCiMktFxJ2tXzqYDQm1
g0OtE/k2Jf3+QZtpUDJ+cDzLjWdUXs/6oa0Uo37ZXTRU1wowPeX+PHsKr9aqQB+T
rx7OXTL/ZLh+bQobaQV4oyiF+mSRLZfrtI7cHoF8ZiwwsXpo4y+4CQqxzsWR6w4A
9wYV/lKecONJnwNey6JujapbcFcWmCZps5crvUyi/YNx/Rl/szdI2vWOevCJwnvQ
LgyvbNF8AglERID8bL0fT9RL9Ws5/taII3egavGBMUGi+VYu/qjY2c9unP3W7UR6
42NNGkDxQlum8M3uu3FpDMmsfcRcYzQSZ1yCEharMLzKR6zn0c4odnJpUWmVzLnO
brtsSvTBTsIlH3F7dlocMV63W+U=
=xlk2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to