File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Implementing a security policy for JSPs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Implementing a security policy for JSPs" Watch "Implementing a security policy for JSPs" New topic

Implementing a security policy for JSPs

Ashwin Ala

Joined: Aug 22, 2001
Posts: 1
Hi All,
Iam working on the Resin servlet container on Windows to run my JSPs.
I've been trying to implement a custom security policy for my JSPs to give them restricted access to resources like Server app classes and network sockets. So far I've made grant entries in the policy file for all code on the server and restarted the server with this file as the security.policy and this works fine. The problem arises when I try to specify a codeBase URL to define specific permissions for the folder containing the JSPs. These entries seem to get ignored and only the permissions set for the entire server are granted. Is my syntax wrong or do I have to write my own SecurityManager?
Im including my policy file entries so you can tell me where I went wrong. I haven't really found a lot of documentation about this on the Net so any kind of help would be much appreciated.
grant codeBase "file:w:/temp/WEB-INF/work/_JSP/*"{
grant {
permission java.lang.RuntimePermission "package.access.{pkg}", "read";
permission java.lang.RuntimePermission "getClassLoader";
permission "/w:\\temp\\WEB-INF\\classes", "read";
I agree. Here's the link:
subject: Implementing a security policy for JSPs
It's not a secret anymore!