Hi All,
Iam working on the Resin
servlet container on Windows to run my JSPs.
I've been trying to implement a custom security policy for my JSPs to give them restricted access to resources like Server app classes and network sockets. So far I've made grant entries in the policy file for all code on the server and restarted the server with this file as the security.policy and this works fine. The problem arises when I try to specify a codeBase URL to define specific permissions for the folder containing the JSPs. These entries seem to get ignored and only the permissions set for the entire server are granted. Is my syntax wrong or do I have to write my own SecurityManager?
Im including my policy file entries so you can tell me where I went wrong. I haven't really found a lot of documentation about this on the Net so any kind of help would be much appreciated.
grant codeBase "file:w:/temp/WEB-INF/work/_JSP/*"{
permission java.security.AllPermission;
};
grant {
permission java.lang.RuntimePermission "package.access.{pkg}", "read";
permission java.lang.RuntimePermission "getClassLoader";
permission java.io.FilePermission "/w:\\temp\\WEB-INF\\classes", "read";
-
-
-
-
};
Thanks,
Ashwin
