We have a locally-developed triple store based on b-trees which I want to use for persistent storage in a number of servlet applications. Rather than embed the b-tree index files in the servlet .war, I would like to store them at a known location and have the servlets access them directly. This all works in Jetty, but raises a security exception when I try it in Tomcat. I'm told that Tomcat's security model requires explicit permissions for a servlet to access files outside the directory tree where the .war is unpacked. If I've understood the Tomcat (version 5.5) documentation correctly, the following added to catalina.policyshould allow the servlet to access the directories where the index files are:

我们有一个基于 b 树的本地开发的三元组存储，我想将其用于许多 servlet 应用程序中的持久存储。我不想将 b 树索引文件嵌入到 servlet .war 中，而是希望将它们存储在已知位置并让 servlet 直接访问它们。这一切都适用于 Jetty，但是当我在 Tomcat 中尝试时会引发安全异常。有人告诉我 Tomcat 的安全模型需要 servlet 的显式权限才能访问解压缩 .war 的目录树之外的文件。如果我正确理解了 Tomcat（5.5 版）文档，那么添加的以下内容catalina.policy应该允许 servlet 访问索引文件所在的目录：

grant codeBase "jar:file:${catalina.home}/webapps/mytestapp/-"
{
  permission java.io.FilePermission "/var/data/tdb/-", "read, write, delete"; 
}

However, I still get a security exception:

但是，我仍然收到安全异常：

java.io.FileNotFoundException: 
                    /var/data/tdb/kb/node2id.idn (Permission denied)
    at java.io.RandomAccessFile.open(Native Method)
    ...

To tick off the obvious dumb errors: I've checked that the index files are at the correct location, with the correct permissions, and are not corrupted. Any suggestions or hints at what I've got wrong in the security settings would be gratefully received.

勾选明显的愚蠢错误：我已经检查过索引文件位于正确的位置，具有正确的权限，并且没有损坏。任何关于我在安全设置中出错的建议或提示将不胜感激。