O'Reilly logo

Tomcat: The Definitive Guide, 2nd Edition by Ian F. Darwin, Jason Brittain

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using the SecurityManager

One of the nice features of the Java runtime environment is that it allows application developers to configure fine-grained security policies for constraining Java code via SecurityManagers. This in turn allows you to accept or reject a program's attempt to shut down the JVM, access local disk files, or connect to arbitrary network locations.

In the case of Java server software, turning on the security manager with a carefully configured security policy can ensure that malicious network clients cannot command the JVM to access anything that the administrator did not preapprove. For example, your security policy can dictate that your custom servlets are not allowed to access any files on the filesystem. This would make it impossible for an attacker to carefully craft requests to use those custom servlets to expose the contents of files on the server; the security manager would stop them even if the servlets didn't.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required