This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Shared hosting w/ Security-manager Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Shared hosting w/ Security-manager" Watch "Shared hosting w/ Security-manager" New topic
Author

Shared hosting w/ Security-manager

Andrei Hager
Greenhorn

Joined: Mar 06, 2007
Posts: 10
I'm wondering if any Tomcat gurus can check my ideas here before I go charging down blind alleys.

Setup: Tomcat and Apache are rnning on the same server. Apache proxies requests to specific directories over to Tomcat, using mod_proxy_ajp.

Problem: Basic security. And we don't want to use many JVMs.

Directory form:
/var/www/account_1/virtual.example.com/...
/var/www/account_1/ethereal.example.com/...
/var/www/account_2/unreal.example.com/...
/var/www/account_2/eerie.example.com/...

Java code running from virtual.example.com or ethereal.com should have access to account_1 and subfolders, but no other files.

Similarly, code running from unreal or eerie should have access to account_2.

Right now we have some scripting which generates the apache config files etc., so a certain level of hardcoding is acceptable.

Question: Can I accomplish this using the SecurityManager policies? If so, can anyone provide tips?
Andrei Hager
Greenhorn

Joined: Mar 06, 2007
Posts: 10
The answer, for anyone searching and finding this, is yes.

You can generate entries like this in catalina.policy:

So any code recursively under file:/var/www/accounts/account_1/ can read/write there. (Within the standard OS user security model, of course.)
[ April 10, 2008: Message edited by: Andrei Hager ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Shared hosting w/ Security-manager
 
Similar Threads
Facing problem while accessing tomcat on a dedicated hosting Linux server
Help setting jforum and Apache->Tomcat connector
JForum is not working with the IP address
Tomcat installed, but scripts do not run
Access control problem: Tomcat + Apache