How do I restrict access from servlets to certain directories?
Created May 7, 2012
Richard Braun [
How can I only allow the servlets in a specific web application to access only regular Tomcat directories and the directory under /tomcat/webapps/<web_app_name>?
So far I found out that with the default Tomcat configuration (I am using 3.2.1), I am able to access every directory at my server (like File.canWrite() on "/" returns true).]
It's not that difficult. You can simply use Java security, provided you have Java 2.
For example:

    grant {
        permission java.io.FilePermission "-", "read,write";
    };

This only allows reading and writing in the current directory and its subdirectories. Write this in your tomcat.policy file and then start Tomcat like this:

    /path/to/java/bin/java -Djava.security.manager -Djava.security.policy=/path/to/tomcat/conf/tomcat.policy -Dtomcat.home=/path/to/tomcat org.apache.tomcat.startup.Tomcat "$@" &

Don't forget the necessary permissions for Tomcat to work properly.
Bye ;)
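
An added example, not part of the original answer: a small audit of a tomcat.policy file that reports every java.io.FilePermission grant reaching beyond one web application's scope. The sample policy, the web application name `myapp`, the `/opt/tomcat` default, the helper name `audit_policy` and the use of Unix-style paths are all assumptions made for illustration.

```python
import re

# Constructed sample policy (not from the page): the blanket grant from the
# answer, plus a grant scoped to one web application through codeBase.
SAMPLE_POLICY = '''
grant {
    permission java.io.FilePermission "-", "read,write";
};
grant codeBase "file:${tomcat.home}/webapps/myapp/-" {
    permission java.io.FilePermission "${tomcat.home}/webapps/myapp/-", "read,write";
    permission java.io.FilePermission "/etc/-", "read";
};
'''

# A grant entry: optional codeBase, a body in braces, and the closing "};".
GRANT_RE = re.compile(r'grant\s*(?:codeBase\s*"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
FILEPERM_RE = re.compile(
    r'permission\s+java\.io\.FilePermission\s+"([^"]*)"\s*,\s*"([^"]*)"\s*;')

def audit_policy(text, tomcat_home="/opt/tomcat"):
    """Return (scope, target, actions, issue) for each over-broad FilePermission."""
    root = tomcat_home.rstrip("/") + "/"
    findings = []
    for codebase, body in GRANT_RE.findall(text):
        scope = codebase or "<all code>"
        for target, actions in FILEPERM_RE.findall(body):
            # Expand the property the way the policy loader would.
            path = target.replace("${tomcat.home}", tomcat_home)
            if path == "<<ALL FILES>>":
                issue = "matches every file on the host"
            elif not path.startswith("/"):
                issue = "relative target: depends on the JVM working directory"
            elif not (path + "/").startswith(root):
                issue = "absolute target outside tomcat.home"
            elif not codebase:
                issue = "no codeBase: applies to all code, not one web application"
            else:
                continue  # scoped to a codeBase and inside tomcat.home
            findings.append((scope, target, actions, issue))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(" | ".join(finding))
```

The blanket `"-"` grant is reported because what it covers depends on the directory the JVM was started from; the codeBase-scoped grant under `webapps/myapp` passes.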