Security Manager with Resin
Resin 3.0


In ISP environments, it's important that each user have restricted permissions to use the server. Normally, the web server will be run as a non-root user so the users can't read system files, but that user will still have read access. The use of RMI also requires a security manager.

Don't use a security manager if you're not in an ISP environment or using RMI. There's no need for it and the security manager does slow the server down somewhat.

  1. java.policy
  2. java.policy syntax

Adding a Java security manager puts each web-app into a "sandbox" where Java limits the things that can be done from code within the web-app.

The security manager is enabled by adding a <security-manager> tag in the resin.conf.

enabling security-manager in resin.conf
<resin xmlns="http://caucho.com/ns/resin"
       xmlns:resin="http://caucho.com/ns/resin/core">

  <security-manager/>

  ...
</resin>

java.policy

The security manager enforces a policy that applies to the whole virtual machine. That policy is defined by policy files.

The simplest way to change the policy is to change one of the default policy files. There are two default policy files that are used by the JDK:

${java.home}/lib/security/java.policy
${user.home}/.java.policy

An additional policy file can be set using the java.security.policy system property at the command line:

unix$ bin/httpd.sh -Djava.security.policy=file:/path/to/java.policy
win$ bin/httpd.exe -Djava.security.policy=file:/path/to/java.policy

The resulting policy for the virtual machine is the union of all granted permissions in all policy files.

java.policy syntax

Sun's security documentation is a useful resource, in particular the pages on policy permissions and policy file syntax.

Each web-app automatically has permissions to read, write and delete any file under the web-app's directory, including WEB-INF. It also has read permission for the classpath, including <classpath> from the <host> and <server> contexts.

sample java.policy
#
# Permissions allowed for everyone.
#
grant {
  permission java.util.PropertyPermission "*", "read";
  permission java.lang.RuntimePermission "accessClassInPackage.*";
  # target and action list are separated by a comma
  permission java.net.SocketPermission "mysql.myhost.com:3306", "connect";
  permission java.io.FilePermission "/opt/resin/xsl/*", "read";
};

#
# Give the system and Resin classes all permissions
#
grant codeBase "file:${resin.home}/lib/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/lib/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/jre/lib/-" {
  permission java.security.AllPermission;
};

#
# Give a specific web-app additional permissions.
#
grant codeBase "file:/opt/web/webapps/ejb/WEB-INF/-" {
  permission java.io.FilePermission "/opt/web/doc/*", "read";
};
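To see what the sample policy above actually grants, and how the "union of all granted permissions" rule plays out for one web-app, the following added example (not part of the Resin documentation or the Resin code base) rebuilds the grant blocks as java.security.Permissions collections and asks them, via implies(), which concrete operations they would allow. It does not load a policy file; the file names such as main.xsl and readme.txt are constructed for the illustration, and the web-app path is the one used in the sample policy.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;

/**
 * Added example: models the grants of the sample java.policy in code and
 * checks them with implies(). It mirrors policy semantics only; it does not
 * install a SecurityManager or read the policy file.
 */
public class PolicyCheck {

    /** The "Permissions allowed for everyone" grant (no codeBase). */
    static PermissionCollection everyone() {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("*", "read"));
        p.add(new RuntimePermission("accessClassInPackage.*"));
        p.add(new SocketPermission("mysql.myhost.com:3306", "connect"));
        p.add(new FilePermission("/opt/resin/xsl/*", "read"));
        return p;
    }

    /** The extra grant for code under /opt/web/webapps/ejb/WEB-INF/ (path from the sample policy). */
    static PermissionCollection ejbWebApp() {
        Permissions p = new Permissions();
        p.add(new FilePermission("/opt/web/doc/*", "read"));
        return p;
    }

    /**
     * Effective permission for code in the ejb web-app: the union of the
     * everyone grant and the matching codeBase grant, as the text describes.
     */
    static boolean ejbAllows(Permission req) {
        return everyone().implies(req) || ejbWebApp().implies(req);
    }

    static void report(String what, boolean ok) {
        System.out.printf("%-46s %s%n", what, ok ? "ALLOWED" : "denied");
    }

    public static void main(String[] args) {
        PermissionCollection all = everyone();

        // PropertyPermission "*", "read": any property may be read, none written.
        report("read property user.dir", all.implies(new PropertyPermission("user.dir", "read")));
        report("write property user.dir", all.implies(new PropertyPermission("user.dir", "write")));

        // RuntimePermission "accessClassInPackage.*" covers every package name.
        report("access class in package sun.misc", all.implies(new RuntimePermission("accessClassInPackage.sun.misc")));

        // SocketPermission names host:port and an action; another port is denied.
        report("connect mysql.myhost.com:3306", all.implies(new SocketPermission("mysql.myhost.com:3306", "connect")));
        report("connect mysql.myhost.com:3307", all.implies(new SocketPermission("mysql.myhost.com:3307", "connect")));

        // FilePermission "/opt/resin/xsl/*": files directly in that directory, read only.
        // A trailing "-" instead of "*" would also cover subdirectories.
        report("read /opt/resin/xsl/main.xsl", all.implies(new FilePermission("/opt/resin/xsl/main.xsl", "read")));
        report("read /opt/resin/xsl/sub/a.xsl", all.implies(new FilePermission("/opt/resin/xsl/sub/a.xsl", "read")));
        report("write /opt/resin/xsl/main.xsl", all.implies(new FilePermission("/opt/resin/xsl/main.xsl", "write")));

        // /opt/web/doc is reachable only through the ejb web-app's codeBase block.
        Permission doc = new FilePermission("/opt/web/doc/readme.txt", "read");
        report("everyone: read /opt/web/doc/readme.txt", all.implies(doc));
        report("ejb web-app: read /opt/web/doc/readme.txt", ejbAllows(doc));
    }
}
```

Compile and run it with javac PolicyCheck.java && java PolicyCheck. The two points worth checking before deploying a policy are visible in the output: the "*" wildcard in a FilePermission target does not descend into subdirectories (use "-" when that is intended), and a codeBase grant only adds to the permissions everyone already has, so an over-broad no-codeBase grant cannot be narrowed for an individual web-app. On JDK 17 and later java.lang.SecurityManager is deprecated for removal, but the Permission classes and implies() used here still work.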


Copyright © 1998-2006 Caucho Technology, Inc. All rights reserved.
Resin® is a registered trademark, and HardCore™ and Quercus™ are trademarks of Caucho Technology, Inc.