avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Kohlhaas <kohlh...@bonn.edu>
Subject Fortress in a sandbox
Date Fri, 06 Sep 2002 15:09:29 GMT
I have successfully run fortress in a webstart and applet sandbox.
I'm developing an OS resource-management and scheduling application
(primary for schools and universities) and the server and also the
swing client are based on a fortress-container. The client should also
run in sandboxed environments.
To solve this I had to workaround the following problems

1. A Bug in ContextManager. I posted this issue in a Thread called
"Problem with asynchronous disposing" one month ago: The components
will not be disposed on containerManager.dispose() and this prevents
the VM from closing (if a service is using non daemon threads). I
could resolve this with the patch from Leo Sutic. Any reasons why this
patch hasn't been applied yet?

2. org.apache.excalibur.util.SystemUtil throws a SecurityException on
intitialization. Cause: The Sandbox prevents access to the
System.properties and to /proc/cpu-info (under linux).  I resolved
this with to short modifications to TPCThreadManager and
ContextManager. In TPCThreadManager the m_processors variable is
initialized lazily so a call to SystemUtil is not necessary if the
processesors parameter is set. In the ContextManager the processors
value is passed to the TPCThreadManger if found on context. Patches
are appended.

3. org.apache.excalibur.source.impl.SourceResolverImpl throws
a SecurityExcetpion on contextualization. Cause:

( (File)m_context.get( "context-root" ) ).toURL()

The toURL method accesses System-variables (and the local file-system)
when trying to convert the file to an URL. The SourceResolverImpl
class is needed internally by the ContextManger to resolve the
locations of the configuration-filse. But with applets or webstart
clients these configurations are normally located on the server and
"context-root" should be something like 
"http://myserver.mydomain:myport/mycontext" instead of File-Object.

I could only solve this by overriding initializeOwnComponentManager()
of ContextManager with an empty method and setting the configurations
manually with:


I would be pleased if you could apply the two minor patches + the one
from Leo, so that I could be in sync with the latest fortress versions.
On the other hand I could try to write a short documentation on using
fortress with clients (Issues with multithreading and swing,
sandboxing, ..) if your interested. Sandboxing should also be a
subject with restricted servlet containers.

Regards Christopher

View raw message