radioAe6rt

Profiling a Java application’s security needs

leave a comment »

Writing up in a bit more detail the recent work on Java app security profiling.

5 Nov 2006 update. I now believe this method is unworkable. See the updated tutorial preamble.

6 Nov 2006 update. On again, off again. I think I got it working. The joys of discovery.

21 Nov 2006 update: I added a simple cache to ProfilingSecurityManager to suppress the writing of duplicate rules during profiling. This saves a considerable amount of I/O.

[tags]java security, java security managers,tomcat,webapps[/tags]

Written by radioae6rt

November 2, 2006 at 6:48 pm

Posted in Internet

Leave a Reply