|
The simplest way to setup a security manager in your JVM is
to add the following properties to your wrapper.conf file:
| Configureation Example: |
wrapper.java.additional.1=-Djava.security.manager
wrapper.java.additional.2=-Djava.security.policy=../conf/java.policy
|
java.security.manager:
The first system property, java.security.manager,
tells Java that a security manager should be created when the JVM is created.
security.policy:
The second system property, security.policy,
then tells the location of a file
which will describe the permissions that should be granted within your application.
The policy file is a simple text file.
| Example of Pilicy file: |
// Give Wrapper classes full permissions
grant codeBase "file:../lib/wrapper.jar" {
permission java.security.AllPermission;
};
// Grant various permissions to a specific service.
grant codeBase "file:../lib/-" {
permission org.tanukisoftware.wrapper.security.WrapperServicePermission
"myservice", "interrogate,start,stop";
};
|
The first block lets the classes wrapper.jar have full permissions to do anything.
This is advised as the Wrapper needs to be able to launch your entire application
meaning that anything your application does is originating from the Wrapper.
The second block means that any other classes in jars in your lib directory
are able to make calls to interrogate, start, and stop the "myservice" service via the Wrapper.
If this is not there,
then the calls will result in SecurityExceptions being thrown.
|
