Chapter 14: Tomcat Security

Note that comments in policy files must begin with // on each line. As shown in the first grant entry earlier, the codeBase attribute is optional. codeBase specifies a URL to which all the permissions should apply. The syntax is shown in the following table.

| codeBase Example | Description |
| --- | --- |
| file:/C:/myapp/ | Indicates that code in the directory c:\myapp will be assigned the permissions in the grant block. Note that the slash (/) indicates that only class files in the directory will receive the permissions, not any JAR files or subdirectories. |
| http://java.sun.com/* | All code from the specified URL will be granted the permissions. In this case, the /* at the end of the URL indicates that all class files and JAR files will be assigned the permissions, but not any subdirectories. |
| file:/funstuff/- | All code in the /funstuff directory will be granted the permissions. The /- at the end indicates that all class files and JAR files in the directory and its subdirectories will be assigned the permissions. |

Within the grant block, one or more permissions can be assigned. Each permission consists of a permission class name and, in some cases, an additional target that identifies a specific permission within the permission class. Some permission targets can additionally take parameters, called actions. Following are some examples of permissions:

    grant {
        // allows applications to listen on all ports
        permission java.net.SocketPermission "localhost", "listen";
        // allows applications to read the java.version property
        permission java.util.PropertyPermission "java.version", "read";
    };

Available Permissions

Permissions are defined by special classes that ultimately inherit from the abstract class java.security.Permission. Most permission classes define special targets that represent a security permission that can be turned on and off. For example, the java.lang.RuntimePermission class defines the targets shown in the following table. (Note that this is not a complete list.)
| Target Name | Description |
| --- | --- |
| createClassLoader | Allows an application to create a custom class loader |
| exitVM.{n} | Allows an application to exit the JVM via the System.exit(n) method |

As of Java SE 6, there are 19 different permission classes offering control over various permissions. The following table shows a partial list of these classes to demonstrate the breadth of what is possible with permissions. This list is not an exhaustive listing of all possible permission targets. All of the permissions
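
The three codeBase endings described in the codeBase table earlier in this section (/, /* and /-) can be checked against the JDK's own location matching in java.security.CodeSource.implies. This is an added example, not code from the original chapter; the CodeBaseScope class name and the /opt/demo paths are constructed for illustration.

```java
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

// Added example: reports which code locations each codeBase form covers.
// All /opt/demo paths are constructed sample values; nothing is read from disk.
public class CodeBaseScope {

    // True if a grant with this codeBase would apply to code loaded from 'location'.
    static boolean covers(String codeBase, String location) throws Exception {
        // Null certificates: match on location only, as in an unsigned grant entry.
        CodeSource grant = new CodeSource(toUrl(codeBase), (Certificate[]) null);
        CodeSource code = new CodeSource(toUrl(location), (Certificate[]) null);
        return grant.implies(code);
    }

    static URL toUrl(String s) throws Exception {
        return URI.create(s).toURL();
    }

    public static void main(String[] args) throws Exception {
        String[] codeBases = {
            "file:/opt/demo/",   // trailing slash: class files in the directory only
            "file:/opt/demo/*",  // class files and JARs in the directory
            "file:/opt/demo/-"   // class files and JARs, including subdirectories
        };
        // Classes loaded from a directory carry the directory URL as their
        // code source; classes loaded from a JAR carry the JAR's URL.
        String[] locations = {
            "file:/opt/demo/",
            "file:/opt/demo/lib.jar",
            "file:/opt/demo/sub/",
            "file:/opt/demo/sub/lib.jar"
        };
        for (String cb : codeBases) {
            for (String loc : locations) {
                System.out.printf("%-20s %-30s %s%n", cb, loc,
                        covers(cb, loc) ? "granted" : "not granted");
            }
        }
    }
}
```

Running it with a JDK (java CodeBaseScope.java) and comparing the output with the codeBase table is a quick way to confirm that a grant entry is no broader than intended before it goes into a policy file.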
