Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Implementing a security policy for JSPs

 
Ashwin Ala
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
Iam working on the Resin servlet container on Windows to run my JSPs.
I've been trying to implement a custom security policy for my JSPs to give them restricted access to resources like Server app classes and network sockets. So far I've made grant entries in the policy file for all code on the server and restarted the server with this file as the security.policy and this works fine. The problem arises when I try to specify a codeBase URL to define specific permissions for the folder containing the JSPs. These entries seem to get ignored and only the permissions set for the entire server are granted. Is my syntax wrong or do I have to write my own SecurityManager?
Im including my policy file entries so you can tell me where I went wrong. I haven't really found a lot of documentation about this on the Net so any kind of help would be much appreciated.
grant codeBase "file:w:/temp/WEB-INF/work/_JSP/*"{
permission java.security.AllPermission;
};
grant {
permission java.lang.RuntimePermission "package.access.{pkg}", "read";
permission java.lang.RuntimePermission "getClassLoader";
permission java.io.FilePermission "/w:\\temp\\WEB-INF\\classes", "read";
-
-
-
-
};
Thanks,
Ashwin
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic