File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JForum and the fly likes Running JForum with Security Policy Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JForum
Bookmark "Running JForum with Security Policy" Watch "Running JForum with Security Policy" New topic

Running JForum with Security Policy

Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I am running JForum on Tomcat with the security manager. It took a while for me to get the security policy created. I basically ran with security debugging on and granted permissions when I saw access errors. I did this until it ran without errors. I have been running a couple of days without access errors so this is pretty close to everything you need. The security is relatively fine grained but in general I gave permissions to all classes and libraries within the application directory to work within the application directory at the access level they needed. I could have given the permissions to specific classes but this would have taken even longer and been more complicated to manage. I think this provides a reasonable security policy. Let me know if you have any suggestions for improvement. I am posting here as a starting point for others.

[originally posted on by parisila]
I agree. Here's the link:
subject: Running JForum with Security Policy
It's not a secret anymore!