wood burning stoves*
The moose likes Servlets and the fly likes Implementing a security policy for JSPs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Implementing a security policy for JSPs" Watch "Implementing a security policy for JSPs" New topic
Author

Implementing a security policy for JSPs

Ashwin Ala
Greenhorn

Joined: Aug 22, 2001
Posts: 1
Hi All,
Iam working on the Resin servlet container on Windows to run my JSPs.
I've been trying to implement a custom security policy for my JSPs to give them restricted access to resources like Server app classes and network sockets. So far I've made grant entries in the policy file for all code on the server and restarted the server with this file as the security.policy and this works fine. The problem arises when I try to specify a codeBase URL to define specific permissions for the folder containing the JSPs. These entries seem to get ignored and only the permissions set for the entire server are granted. Is my syntax wrong or do I have to write my own SecurityManager?
Im including my policy file entries so you can tell me where I went wrong. I haven't really found a lot of documentation about this on the Net so any kind of help would be much appreciated.
grant codeBase "file:w:/temp/WEB-INF/work/_JSP/*"{
permission java.security.AllPermission;
};
grant {
permission java.lang.RuntimePermission "package.access.{pkg}", "read";
permission java.lang.RuntimePermission "getClassLoader";
permission java.io.FilePermission "/w:\\temp\\WEB-INF\\classes", "read";
-
-
-
-
};
Thanks,
Ashwin
 
Don't get me started about those stupid light bulbs.
 
subject: Implementing a security policy for JSPs
 
Similar Threads
Java2 Security Permissions
Problems with security policies for Axis2 in Tomcat
RAD - WAS6 Admin Console -Error page exception
acces denied
acces denied java.io.FilePermission