Chapter 10 Configuring Security Manager

A Security Manager lets a web browser run an applet in its own sandbox, which prevents untrusted code from accessing files on the local file system. It also lets you protect your browser from running an untrusted applet.

Permissions

Tomcat includes the standard Permission classes. The standard permissions are:

  • java.util.PropertyPermission – This controls read/write access to JVM properties.
  • java.lang.RuntimePermission – This controls the use of System/Runtime functions and package access/definition.
  • java.io.FilePermission – This controls read/write/execute access to files and directories.
  • java.net.SocketPermission – This controls use of network sockets.
  • java.net.NetPermission – This controls use of multicast network connections.
  • java.lang.reflect.ReflectPermission – This controls use of reflection to perform class introspection.
  • java.security.SecurityPermission – This controls access to Security methods.
  • java.security.AllPermission – This permits access to all permissions.

Configuring Tomcat with a Security Manager

The Java Security Manager enforces the security policies configured in the $CATALINA_HOME/conf/catalina.policy file. You can edit the file manually or use the policy tool application that comes with Java 1.2 or later.
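As an added illustration (not taken from the original page or from Tomcat's shipped catalina.policy), the fragment below contrasts a blanket grant with a grant scoped to one web application. The application name myapp, the host db.example.internal and port 5432 are hypothetical placeholders.

```conf
// WEAK: no codeBase, so this applies to all code, and AllPermission
// turns every Security Manager check into a pass. The sandbox is
// effectively disabled. Shown only for contrast.
//
// grant {
//     permission java.security.AllPermission;
// };

// SCOPED: applies only to classes loaded from the hypothetical "myapp"
// web application ("-" matches everything below that directory).
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
    // Read-only access to the application's own files; no write, no execute.
    permission java.io.FilePermission "${catalina.base}/webapps/myapp/-", "read";

    // Read a single JVM property instead of granting "*", "read,write".
    permission java.util.PropertyPermission "user.timezone", "read";

    // Outbound connection to one named host and port only (hypothetical).
    permission java.net.SocketPermission "db.example.internal:5432", "connect,resolve";
};
```

When reviewing an existing catalina.policy, look first for grant blocks without a codeBase and for any occurrence of java.security.AllPermission, since those decide how much of the sandbox is actually in force.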

Starting Tomcat with a Security Manager

After you have successfully configured the catalina.policy file, use the -security option to start Tomcat with a SecurityManager.

  • $CATALINA_HOME/bin/catalina.sh start -security (Unix)
  • %CATALINA_HOME%\bin\catalina start -security (Windows)
