tomcat5 policy changes suggestion

Wolfgang Baer WBaer at gmx.de
Mon Dec 12 15:15:55 UTC 2005


Hi Michael,

Michael Jenik wrote:
> Hi,
> 
> I have installed tomcat5 pro apt-get install tomcat5
> unstable.-
> 
> I heve had many problems discovering that there were
> missing permissions in the policy files.

There are no missing permissions at all - Everything
required to run tomcat5 (with its bundled applications)
is there.

The setting of policies for web applications is in the
responsibility of the administrator. The package maintainers
cannot know what will be installed on tomcat in the end.

> catalina wasn't able to deploy use a jsf aplication in
> a war file.
> 
> I solved the problem adding this lines to
> 04webapps.policy.
> How this stuff could be workarrounded ?

Seems you have already workaround it by adding your
needed stuff in 04webapps.policy. However I would suggest
using a per webapp file for the new permissions and let
the existing file only be used for the tomcat bundled policy.
> 
>  permission java.io.FilePermission
> "/var/lib/tomcat5/temp/-", "read,write,delete";

>  permission java.io.FilePermission
> "/var/lib/tomcat5/conf/Catalina/-",
> "read,write,delete";
>  permission java.net.SocketPermission
> "java.sun.com:80", "connect,resolve";

You didn't say what application you are trying to deploy.
However giving complete permissions to the configuration
directory is not a good thing imho. Also I wonder why an
application needs to connect to java.sun.com ?

Regards,
Wolfgang



More information about the pkg-java-maintainers mailing list