All,

I'm resurrecting this thread because I'd like to return my attention to running my webapp under a SecurityManager.

On 3/25/2010 4:03 PM, Christopher Schultz wrote:
> This is off-topic in that it doesn't really have anything to do
> specifically with Tomcat, but I would be willing to bet that readers
> would be interested in the answer. Besides, the pool of brain cells
> available to this list is rather deep and I'd love an explanation of
> policies.
>
> I recently tried to set up Tomcat 6.x running under a SecurityManager.
> As I fell down the rabbit hole, I saw that lots of things needed to be
> granted to my code, which all makes sense in general. What I don't quite
> get is the hierarchy of checks that are done.

Can anyone recommend any literature for understanding the Zen of Java's SecurityManager and, more specifically, how to properly write your application to operate under one?

I'm looking for references that explain the interaction between the SecurityManager itself, the policy, signed code, and the use of AccessController/PrivilegedAction.

Online resources and articles as well as dead trees would be fine. My Google-fu just isn't turning up anything relevant. I get either horribly technical specifications of things or trifles that just say "run under a SecurityManager and everything will be secure!".

Any help would be greatly appreciated.

Thanks,
-chris