NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

381

382

383

384

385

386

387

388

389

390

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-38

Securing NSJSP Resources Using the

permissions Directive

In Example 8-10, you can notice that the following entry (the highlighted entry in the

example) is uncommented so that NSJSP runs with the Java Security Manager:

set NSJSP_SECMGR -Djava.security.manager

This entry is always commented out in the servlet.config file and by default,

NSJSP runs without the Java Security Manager. The following default definition in the

servlet.config file informs NSJSP not to run with a Java Security Manager:

set NSJSP_SECMGR -Dnsjsp.security.manager=none

Securing NSJSP Resources Using the permissions Directive

The permission attribute in the iTP_catalina.policy file represents access

permission to a system resource. A system resource could mean a particular method

in a class, resources such as disk files or system property values. When NSJSP is

running with Java Security Manager, the web application code must be provided

explicit permissions to execute secure code.

Example 8-10. Starting NSJSP with the Java Security Manager

# NSJSP Java2 System policy file and Java2 VM option.

# Note: the "double" equalto signs "==" is not a typo!! This informs

the JVM

# to use this file exclusively and that all others are to be ignored.

set env(JVM_POLICY_FILE) $env(NSJSP_HOME)/conf/iTP_catalina.policy

set NSJSP_SECMGR_POLICY -Djava.security.policy==$env(JVM_POLICY_FILE)

# By default, the JVM is run without a security manager.

# set NSJSP_SECMGR -Dnsjsp.security.manager=none

# If you wish to run with a security Manager, uncomment the next

# statement ("set NSJSP_SECMGR ...").

set NSJSP_SECMGR -Djava.security.manager

...

# This is the actual Arglist used to startup the NSJSP Container.

Arglist -Xmx64m -Xss128k -Xnoclassgc \

-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \

-Djava.util.logging.config.file=$env(NSJSP_HOME)/conf/logging.properties

-Djavax.management.builder.initial=com.tandem.servlet.jmx.NSJSPMBean

ServerBuilder \

$NSJSP_SECMGR \

$NSJSP_SECMGR_POLICY \

$NSJSP_JAAS_CONFIG \

-Dcatalina.home=$env(NSJSP_HOME) \

-Dcatalina.base=$env(NSJSP_HOME) \

-Djava.io.tmpdir=$env(NSJSP_HOME)/temp \

org.apache.catalina.startup.Bootstrap start