On 01/04/10 16:35, Ronald.Monzillo_at_Sun.COM wrote:
> Felipe,
>
> This support is not included in either of the Policy providers
> included in v3,
> but either provider could be enhanced to look for a suplemental policy
> file
> (as a resource) within the deployment archive.
>
> The policy file would presumably contain grants to the codesource of
> the deployed application.
> and the policy subsystem could impose constraints on the "origin" of
> the archive and policy file.
>
> This is something that we have discussed adding, and it is certainly
> something that could be
> added (by others) via a custom policy provider (perhaps derived from
> one of the existing providers).
>
> Ron
ps: I should also mention that you can configure the java.security file
of the jdk such that the PolicyFile subsystem will
read other policy files (in addition to server.policy). You could use
this mechanism to configure application
specific grants that you wish to persist in spite of deployment and
undeployment of your apps. The grants within
such files would presumably be to the code source of the specific app or
apps to which you want to grant the additional
perms.
>
> On 12/28/09 13:00, Felipe Gaścho wrote:
>> very nice blog.. thanks..
>>
>> * I figured out Glassfish have no security per project - like the one
>> provided by Websphere for example :) It forces the security
>> configuration to be hard-coded in the server installation files..
>> what is not so good.. but it is also not a big deal for now...........
>> another enhancement for the future of our fish
>>
>> On Mon, Dec 28, 2009 at 9:12 AM, Kumar Jayanti <Vbkumar.Jayanti_at_sun.com> wrote:
>>
>>> Felipe Gaścho wrote:
>>>
>>> does this answer your question?
>>>
>>>
>>> no :)
>>>
>>> because I was looking for a chance to have a policy specific for a
>>> project... like: if 1 web-application needs Reflection permission,
>>> today I need to edit the server.policy (ot other file configured as
>>> you suggested)..
>>>
>>> but if I upgrade the Glassfish, goodbye configuration..
>>>
>>> so, much better if I can deploy the policy together with the
>>> application........
>>>
>>> * I know, it may opens a security breach.. but perhaps there is a way
>>> to do that..............
>>>
>>>
>>>
>>> You may find this useful : http://blogs.sun.com/monzillo/date/20071218
>>>
>>> regards,
>>> kumar
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>