We have a locally developed three-local b-tree store that I want to use for permanent storage in a number of servlet applications. Instead of embedding the b-tree index files in the .war servlet, I would like to save them in a known place and access the servlets directly. All of this works in Jetty, but there is a security issue when trying in Tomcat. I was told that the Tomcat security model requires explicit permissions for the servlet to access files outside the directory tree where .war is unpacked. If I correctly understood the Tomcat documentation (version 5.5), the following added to catalina.policyshould allow the servlet to access the directories in which the index files are located:
grant codeBase "jar:file:${catalina.home}/webapps/mytestapp/-"
{
permission java.io.FilePermission "/var/data/tdb/-", "read, write, delete";
}
However, I still get a security exception:
java.io.FileNotFoundException:
/var/data/tdb/kb/node2id.idn (Permission denied)
at java.io.RandomAccessFile.open(Native Method)
...
Note obvious dumb errors: I checked that the index files are in the right place, with the correct permissions and not corrupted. Any suggestions or hints that I was mistaken in the security settings will be greatly appreciated.
source
share