Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes JForum and the fly likes Running JForum with Security Policy Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Running JForum with Security Policy" Watch "Running JForum with Security Policy" New topic

Running JForum with Security Policy

Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I am running JForum on Tomcat with the security manager. It took a while for me to get the security policy created. I basically ran with security debugging on and granted permissions when I saw access errors. I did this until it ran without errors. I have been running a couple of days without access errors so this is pretty close to everything you need. The security is relatively fine grained but in general I gave permissions to all classes and libraries within the application directory to work within the application directory at the access level they needed. I could have given the permissions to specific classes but this would have taken even longer and been more complicated to manage. I think this provides a reasonable security policy. Let me know if you have any suggestions for improvement. I am posting here as a starting point for others.

[originally posted on by parisila]
I agree. Here's the link:
subject: Running JForum with Security Policy
jQuery in Action, 3rd edition