Re: Tomcat4 manager application
Stefan Gybas <gybas@trustsec.de> writes:
> > I have security disabled in /etc/defaults/tomcat4.
>
> This is something you should IMHO not do. You should rather add a
> configuration file to /etc/tomcat4/policy.d/ for each webapps that needs
> special privileges.
Does one need "special privileges" just to run a JSP? Out of the box,
Tomcat did not run JSPs at all. If I remember correctly, there was a
permission problem writing the compiled servlets to /var/cache/tomcat4
that went away after I disabled the security manager.
Before I turned off the security manager, however, I did try to update
the policy for my webapp, but failed. Perhaps you can suggest the
necessary configuration to allow JSPs in the webapp "foo". It doesn't
need any special priviledges. It just needs to display "Hello, world!"
on the web page.
If, on the other hand, not being able to run JSPs that don't need any
permissions is a bug, I'll reproduce and submit a detailed bug report.
Please advise.
--
Bill Wohler <wohler@newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
Maintainer of comp.mail.mh FAQ and mh-e. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.
Reply to: