Chapter 14: Tomcat Security Enabling Creation of a
Chapter 14: Tomcat Security Enabling Creation of a Class Loader The following example shows how to give a specific Web application, yourWebApp, the capability to create a class loader: grant codeBase file:${catalina.home}/webapps/yourWebApp/WEB-INF/classes/- { permission java.lang.RuntimePermission createClassLoader ; }; Enabling JDBC Drivers to Open Socket Connections to Databases The following example shows how to allow all Web applications access to a specific database running on the host db.server.comon port 54321: grant codeBase file:${catalina.home}/webapps/- { permission java.net.SocketPermission db.server.com:54321 , connect ; }; Note that the preceding example allows all code across all of your Web applications to connect to db.server.com:54321. If this is too much of a security risk, the JDBC driver can be explicitly granted permission individually: grant codeBase file:${catalina.home}/webapps/webAppName/WEB-INF/lib/ mysql-connector-java-5.0.4-bin.jar { permission java.net.SocketPermission db.server.com:54321 , connect ; }; Sending E-Mail with JavaMail Sending e-mail requires that a Web application have access to port 25 on an SMTP server. The following example shows how to grant this permission to all classes in a Web application: grant codeBase file:${catalina.home}/webapps/myWebApp/WEB-INF/classes/- { permission java.net.SocketPermission mail.server.com:25 , connect ; }; Reading or Writing to Files Outside of the Web Application s Directory Earlier in this chapter, we discussed securing the file system. If the file system has been properly secured, the following grant can be used to give Web applications full access to the file system (and thus rely on the operating system to enforce permissions): grant { java.io.FilePermission <
If you looking for unlimited one inclusive web hosting plan please check web hosting plan website.