I'm wondering if any
Tomcat gurus can check my ideas here before I go charging down blind alleys.
Setup: Tomcat and Apache are rnning on the same server. Apache proxies requests to specific directories over to Tomcat, using mod_proxy_ajp.
Problem: Basic security. And we don't want to use many JVMs.
Directory form:
/var/www/account_1/virtual.example.com/...
/var/www/account_1/ethereal.example.com/...
/var/www/account_2/unreal.example.com/...
/var/www/account_2/eerie.example.com/...
Java code running from virtual.example.com or ethereal.com should have access to account_1 and subfolders, but no other files.
Similarly, code running from unreal or eerie should have access to account_2.
Right now we have some scripting which generates the apache config files etc., so a certain level of hardcoding is acceptable.
Question: Can I accomplish this using the SecurityManager policies? If so, can anyone provide tips?