Does anybody actually use the permissions policy controls in tomcat?

Posted by stu on Stack Overflow See other posts from Stack Overflow or by stu
Published on 2010-03-28T21:42:32Z Indexed on 2010/03/28 21:43 UTC
Read the original article Hit count: 147

Filed under:

tomcat

|

policy

While I can appreciate the point of the fine granularity in which you can enable security for every single little thing for each individual application in tomcat, in reality, it's an insane pain in the ass. Every single file, socket, everything for every single application. Sure if you're writing a "hello world" application, it's not too much to ask, but an enterprise sized application? That's insane. Does anybody actually use it, or does everybody just say "*" for everything?

© Stack Overflow or respective owner

Related posts about tomcat

SSL in tomcat with apr and Centos 6

as seen on Super User - Search for 'Super User'
I'm facing a problem setting up my tomcat with apr native lib, I have the following: Tomcat: 7.0.42 Java: 1.7.0_40-b43 OS: Centos 6.4 (2.6.32-358.18.1.el6.i686) APR: 1.3.9 Native lib: 1.1.27 OpenSSL: openssl-1.0.0-27.el6_4.2.i686 My server.xml looks like: ... <Listener className="org.apache… >>> More
Apache+Tomcat VS Stand Alone Tomcat or GlassFish

as seen on Server Fault - Search for 'Server Fault'
Hi, I am setting up a Debian server to serve Java web applications. I have done quite a bit of research for several weeks now. Tomcat's web site says it is better to use stand alone Tomcat for speed if you are not clustering. However, I have seen many people suggest that using Apache + Tomcat… >>> More
Tomcat - How to limit the maximum memory Tomcat will use

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Guys, I am running Tomcat on a small VPS (256MB/512MB) and I want to explicitly limit the amount of memory Tomcat uses. I understand that I can configure this somehow by passing in the java maximum heap and initial heap size arguments; -Xmx256m -Xms128m But I can't find where to put this… >>> More
Tomcat 4.1.X and Tomcat 5.0.X

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a problem about tomcat, Our application designed on Tomcat 4.1.X and When I restart Tomcat 4.1.X there is no problem. But I upgrade it to Tomcat 5.0.X. Now ,when I restart Tomcat 5.0.X session is down and application redirect me to login page. Any idea? >>> More
Restarting Tomcat from Tomcat itself

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, is it possible to restart Tomcat6 by executing a JSP? This because I would like to deploy the changes of an application by doing it remotely using the webserver. The deploy script is written in bash and it checkouts the latest version from the svn, then package it as a war, then copy it in… >>> More

Related posts about policy

Active Directory Password Policy Problem

as seen on Server Fault - Search for 'Server Fault'
To Clarify: my question is why isn't my password policy applying to people in the domain. Hey guys, having trouble with our password policy in Active Directory. Sometimes it just helps me to type out what I’m seeing It appears to not be applying properly across the board. I am new to this environment… >>> More
How do I set a Group Policy's Password Policy in C#

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to retrieve a group policy from a Windows Server 2008 Active Directory and change the minimum password age, maximum password age, and minimum password length in a C# application. Is there a way to do this? So far I have only found out how to create new Group Policy objects using Interop… >>> More
Problem with network policy rule in Network Policy Server

as seen on Server Fault - Search for 'Server Fault'
Trying to configure RADIUS for a college network, and have run into the following frustration: I can't set an "AND" condition for group membership of authenticated objects in the network policy rules, e.g. I'm trying to create a NPS rule that says, essentially "IF user is a member of [list of user… >>> More
Oracle Tutor: Installing Is Not Implementing or Why CIO's should care about End User Adoption

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Eighteen months ago I showed Tutor and UPK Productive Day One overview to a CIO friend of mine. He works in a manufacturing business which had been recently purchased by a global conglomerate. He had a major implementation coming up, but said that the corporate team would be coming in to handle the… >>> More
AD User Passwords expiring without any notifications?

as seen on Server Fault - Search for 'Server Fault'
We setup password Policies in Active Directory to Expire peoples passwords after so many days. Well it looks like the time has come for the Expiration of the Passwords and people are getting locked out... There has been no warning of user passwords about to expire. They just come in to work and… >>> More