skip to main content
Core Progress Application Server security : JVM security manager
 

JVM security manager

When you run Tomcat, each instance of the server runs in the context of its own individual JVM whose security can be managed with the Java Security Manger.
PAS is enabled with a default configuration of the standard JVM Security Manager. The JVM security is configured in the /conf/catalina.policy file of a given PAS instance.
The catalina.policy file uses Permission classes, either the built-in JDK classes or customized classes, to control what actions a class can take. The following are just a few examples of the built-in classes:
*java.io.FilePermissions: controls access to read, write, delete, and other actions for files and directories
*java.net.SocketPermissions: controls network access through sockets
*java.security.SecurityPermissions: controls access to security methods
For more information on the JVM Security Manager in Tomcat, see http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html
.