> > > I propose to change this order to #3 -> #1 -> #2 on the main branch, and
> > > then have people test it before we commit it to the 3.2 branch.
> > > Comments? Votes?
+1, modulo a security audit of the sandboxing security manager. That
was added fairly recently, right?
> > The order is important for security reasons, and is the right order.
> >
>
> For code used inside the container, Tomcat's classpath should rule. For
> within the application (which is already sandboxed), it is not.
I agree. And the XML parser example is one I've actually encountered :-(
BTW, this is an issue that has always infuriated me: Java as currently
spec'd is *not* sufficient for the needs of a persistent operating
system or environment. It needs a way to actively load and unload
classes, and select versions thereof. AdaptiveClassLoader is an
effective but clunky solution to a problem that should be solved by
the language (and/or the VM spec).
Plus there's the whole System.exit() thing. :-)
--
Alex Chaffee mailto:alex@jguru.com
jGuru - Java News and FAQs http://www.jguru.com/alex/
Creator of Gamelan http://www.gamelan.com/
Founder of Purple Technology http://www.purpletech.com/
Curator of Stinky Art Collective http://www.stinky.com/