Thursday, December 28, 2006

SecurityManager Woes

*grrr*

Charity and I decided to set up a website for our wedding that our guests could use to RSVP. It's all very basic stuff and I pretty much had it up and running without too many problems... Until I tried to deploy it.

That's when I ran right into Java's SecurityManager. The web hosting provider we're using runs Tomcat with security enabled, which makes sense, but it's something I've never had to deal with in the past.

I've been banging my head against the wall for a few days now and it looks like I finally have everything working. My three biggest problems were/are:

  • Figuring out how to grant the webapp permission to read files that are inside a JAR (e.g. with a URI of "jar:file:/path/to/jar.jar!/file"). Nothing I do seems to work, and my current solution is to just expand the jar file.
  • Apparently OGNL implements its own security checks if you're running with a SecurityManager, and you need to grant special OGNL-specific permissions if you want it to work. Since my provider is loath to grant new permissions, my solution was to just fool OGNL into thinking that there is no SecurityManager by implementing a ServletContextListener that calls OgnlRuntime.setSecurityManager(null).
  • Figuring out how to use Log4J with the SMTPAppender. Haven't had time to dig through the source, so I decided not to use it.

These aren't solutions so much as dirty hacks to sidestep the SecurityManager. It just shouldn't be this hard...
