|
|
|
|
|
| 010011010110000101110100011101000010000001000010011101010111010001100011011010000110010101110010 | |
|
Tomcat 5.5 On Debian: Security policies and {catalina.home}Because of Debian's package reorganization, policies don't always work the way you'd think.
Author: M Butcher For this reason, many Tomcat scripts and subsystems assume the presence of $CATALINA_HOME or ${catalina.home}. In most cases, things still work fine. But when writing policies (in /etc/tomcat5.5/policy.d/50user.policy, for example), keep in mind that the webapps/ directory is not under ${catalina.home}. A policy like this probably won't work: grant codeBase "file:${catalina.home}/webapps/MYSERVLET/-" {permission java.security.AllPermission }; The reason is that webapps is not under /usr/share/tomcat5.5 (the substituted value for ${catalina.home}). The webapps directory in Debian is located in /var/lib/tomcat5.5. Thus, the above policy needs to be adjusted to this: grant codeBase "file:/var/lib/tomcat5.5/webapps/MYSERVLET/-" {permission java.security.AllPermission }; The unfortunate issue, though, is that there is no output in Tomcat (other than your usual security exceptions) that would indicate what path was being used. Perhaps there are debug flags that would help catch this... but unless you already know what the problem is, that's not very helpful. Bottom line: be wary of the package reorganization, and make sure the environment variables and placeholders are pointing to the place you think they are. |
|
|||||||||||||||||
Search |
|||||||||||||||||||
|
Questions? Comments? Consulting Opportunities? Email matt at aleph-null.tv. This site and all of its content is Copyright © 2003-2005, Aleph-Null, Inc. All rights reserved. |
|||||||||||||||||||
