NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
Java Security Manager
The Java security manager can be used to restrict access to system resources, such
as Java Virtual Machine (JVM) properties, methods, and sockets, thus safeguarding
application data and services, and ensuring the security and reliability of NSJSP.
This section explains some of the features of the Java security manager that are used
in NSJSP.
This section contains the following topics:
Configuring the Java Security Manager
Securing NSJSP Resources Using the permissions Directive
Package Protection in NSJSP
Troubleshooting the Java Security Manager
Configuring the Java Security Manager
The security policies implemented by the Java Security Manager are configured in the
iTP_catalina.policy file located in the <NSJSP_HOME>/conf directory.
The iTP_catalina.policy file replaces any system java.policy file. The
iTP_catalina.policy file contains a default set of security policies to be enforced
(by the JVM) when NSJSP is run with the java.security.manager option. You can
assign additional permissions to individual web applications by adding additional
grant entries in the iTP_catalina.policy file.
Entries in the iTP_catalina.policy file use the standard format for java.policy
files, as shown in Example 8-8:
The signedBy and codeBase entries are optional when granting permissions.
Comment lines begin with // and end at the end of the current line. The codeBase is
a URL and can reference the ${java.home} and ${catalina.home} properties, which
are expanded to the directory paths defined for them by the
JAVA_HOME, CATALINA_BASE, and CATALINA_HOME environment variables.
The default iTP_catalina.policy file contains all the grant entries in the
standard catalina.policy file and additional entries for the NSJSP container, as
shown in Example 8-9:
Note. The complete details of the Java security manager are beyond the scope of this section.
Example 8-8. Java Policy File Entry
// Example policy file entry
grant [signedBy <signer>,] [codeBase <code source>] {
    permission <class> [<name> [, <action list>]];
};
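The following grant entries are an added illustration of the format above, not taken from the NSJSP guide or from the default iTP_catalina.policy file. They contrast an over-broad grant with one scoped to a single web application; the application name (orders), the host name and port, and the directory paths are assumptions.

```text
// Constructed example: "orders" is a hypothetical web application, and the
// host name, port, and paths are placeholders.

// Weak form, shown for comparison only. With no codeBase the grant applies
// to all code the JVM loads, and AllPermission implies every other
// permission, so the security manager no longer restricts anything.
grant {
    permission java.security.AllPermission;
};

// Scoped form. The grant applies only to code loaded from the orders
// application ("/-" matches all files under the directory, recursively),
// and each permission names one resource and the actions allowed on it.
grant codeBase "file:${catalina.home}/webapps/orders/-" {
    // Read a single JVM property; no write access.
    permission java.util.PropertyPermission "user.timezone", "read";
    // Open outbound connections to one database host and port only.
    permission java.net.SocketPermission "db.example.internal:5432", "connect,resolve";
    // Read-only access to the application's own configuration directory.
    permission java.io.FilePermission "${catalina.home}/webapps/orders/WEB-INF/conf/-", "read";
};
```

When reviewing a policy file, any grant without a codeBase or any use of java.security.AllPermission for application code is the first thing to question.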