Does anybody actually use the permissions policy controls in tomcat?
https://stackoverflow.com/questions/2534689
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
While I can appreciate the point of the fine granularity in which you can enable security for every single little thing for each individual application in tomcat, in reality, it's an insane pain in the ass. Every single file, socket, everything for every single application. Sure if you're writing a "hello world" application, it's not too much to ask, but an enterprise sized application? That's insane. Does anybody actually use it, or does everybody just say "*" for everything?
Solution
You would use the permissions policy in an environment where you can't trust the applications deployed in tomcat. There is a significant impact on performance, so in practice it is rarely used.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
