The moose likes Tomcat and the fly likes Shared hosting w/ Security-manager Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Shared hosting w/ Security-manager" Watch "Shared hosting w/ Security-manager" New topic

Shared hosting w/ Security-manager

Andrei Hager

Joined: Mar 06, 2007
Posts: 10
I'm wondering if any Tomcat gurus can check my ideas here before I go charging down blind alleys.

Setup: Tomcat and Apache are rnning on the same server. Apache proxies requests to specific directories over to Tomcat, using mod_proxy_ajp.

Problem: Basic security. And we don't want to use many JVMs.

Directory form:

Java code running from virtual.example.com or ethereal.com should have access to account_1 and subfolders, but no other files.

Similarly, code running from unreal or eerie should have access to account_2.

Right now we have some scripting which generates the apache config files etc., so a certain level of hardcoding is acceptable.

Question: Can I accomplish this using the SecurityManager policies? If so, can anyone provide tips?
Andrei Hager

Joined: Mar 06, 2007
Posts: 10
The answer, for anyone searching and finding this, is yes.

You can generate entries like this in catalina.policy:

So any code recursively under file:/var/www/accounts/account_1/ can read/write there. (Within the standard OS user security model, of course.)
[ April 10, 2008: Message edited by: Andrei Hager ]
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: Shared hosting w/ Security-manager
Similar Threads
Facing problem while accessing tomcat on a dedicated hosting Linux server
Help setting jforum and Apache->Tomcat connector
JForum is not working with the IP address
Tomcat installed, but scripts do not run
Access control problem: Tomcat + Apache