NonStop Servlets for JSP System Administrator's Guide

Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide 525644-001
Example 3-12 is a sample fragment of a web.xml file that maps any URL containing
the application name to a specific servlet.
Path mappings are relative to the context’s URL path. Because the pattern ends with a
wildcard (*), any URL whose path, relative to the context, begins with /myapp1 is always
passed to the startCartRequest servlet.
Configuring the Security Manager
NSJSP can be started with a security manager. The SecurityManager function
enables a web application to run in its own sandbox. The security manager allows us to
restrict trusted functionality to the code that really requires it.
NSJSP uses its own version of the standard catalina.policy file that is
documented for Tomcat 4.0.3. The security policies implemented by the Java security
manager are configured in the iTP_catalina.policy file located in the
iTPWS_INSTALL_DIR/servlet_jsp/conf directory.
The iTP_catalina.policy file replaces any system java.policy file. The
iTP_catalina.policy file contains a default set of security policies to be enforced
(by the JVM) when NSJSP is executed with the -Djava.security.manager option
(see servlet.config on page 3-2). You can assign additional permissions to particular
web applications by adding additional "grant" entries.
Entries in the iTP_catalina.policy file use the standard java.policy file
format, as shown in Example 3-13.
The signedBy and codeBase entries are optional when granting permissions.
Comment lines begin with // and end at the end of the current line. The codeBase is
in the form of a URL, and a file URL can use the ${java.home} and
${catalina.home} properties, which are expanded out to the directory paths
defined for them by the JAVA_HOME and CATALINA_HOME environment variables.
Example 3-12. Mapping a URL to the Servlet
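<!-- The servlet class is declared in a <servlet> element, not in the mapping -->
<servlet>
  <servlet-name>start</servlet-name>
  <servlet-class>startCartRequest</servlet-class>
</servlet>
<!-- Requests under /myapp1/ in this context go to the servlet named "start" -->
<servlet-mapping>
  <servlet-name>start</servlet-name>
  <url-pattern>/myapp1/*</url-pattern>
</servlet-mapping>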
Example 3-13. Java Policy File Entry
// Example policy file entry
grant [signedBy <signer>,] [codeBase <code source>] {
    permission <class> [<name> [, <action list>]];
};
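
Because signedBy and codeBase are optional, a grant entry that omits both applies to all code, including every web application. The following Python script is an added example, not part of NSJSP or Tomcat: it parses entries in the Example 3-13 format and lists permissions worth reviewing together with the scope they apply to. The sample policy text, the myapp1 paths, the dbhost name and the review rules in risk() are assumptions made for illustration.

```python
import re

# Constructed sample in the Example 3-13 format. Paths, host and the myapp1
# name are illustrative assumptions, not the shipped iTP_catalina.policy.
SAMPLE_POLICY = '''
// Server code: a scoped grant (constructed sample)
grant codeBase "file:${catalina.home}/server/-" {
    permission java.security.AllPermission;
};
grant {
    permission java.util.PropertyPermission "java.version", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
grant codeBase "file:${catalina.home}/webapps/myapp1/-" {
    permission java.net.SocketPermission "dbhost:1521", "connect";
};
'''

Q = r'"[^"\n]*"'  # a quoted string; may contain //, { or } (e.g. ${catalina.home})
GRANT_RE = re.compile(r'\bgrant\b((?:%s|[^{"])*)\{((?:%s|[^}"])*)\}\s*;' % (Q, Q), re.I)
SCOPE_RE = re.compile(r'\b(signedBy|codeBase)\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?', re.I)

def parse_policy(text):
    """Return one dict per grant entry: codebase, signedby, [(class, name, actions)]."""
    # Drop // comments, but keep a // that appears inside a quoted string.
    text = re.sub(Q + r'|//[^\n]*', lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)
    grants = []
    for header, body in GRANT_RE.findall(text):
        scope = {k.lower(): v for k, v in SCOPE_RE.findall(header)}
        grants.append({"codebase": scope.get("codebase"), "signedby": scope.get("signedby"),
                       "perms": PERM_RE.findall(body)})
    return grants

def risk(cls, name, actions):
    """Return a reason if the permission deserves review, else None (hypothetical rules)."""
    acts = {a.strip() for a in actions.split(",")}
    if cls == "java.security.AllPermission":
        return "AllPermission: code runs unrestricted"
    broad_file = cls == "java.io.FilePermission" and (
        name == "<<ALL FILES>>" or bool(acts & {"write", "delete", "execute"}))
    return "broad or modifying file access" if broad_file else None

def audit(text):
    """Return (scope, class, reason) tuples; 'ALL CODE' marks a grant with no codeBase/signedBy."""
    findings = []
    for g in parse_policy(text):
        scope = g["codebase"] or ("signedBy " + g["signedby"] if g["signedby"] else "ALL CODE")
        findings += [(scope, c, risk(c, n, a)) for c, n, a in g["perms"] if risk(c, n, a)]
    return findings
```

Calling audit(SAMPLE_POLICY) reports the AllPermission grant under its server codeBase and the file permission under ALL CODE; the myapp1 entry, scoped to one application and one socket, produces no finding.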