tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rickard Oberg" <rick...@telkel.com>
Subject Re: Tomcat & JNDI
Date Thu, 09 Nov 2000 16:57:07 GMT
Hey


> > > > The latest jBoss release (see jboss.org for download) contains
embedded
> > > > Tomcat 3.2 integration and support for "java:comp/env" namespace
where
> > > > you can bind environment entries, resource references, and EJB
> > > > references.
> > >
> > > All I can say is that I hate licenses.... ( GPL, Apache - all of
them ).
> >
> > Me too. So? What does this have to do with JNDI?
>
> It has to do with what can be included and what can't be included in a
> product. It would be nice if some of this code ( support for jndi for
> tomcat ) could be contributed back to tomcat, but it's GPL vs. Apache.

No problemo. The GPL issue is being resolved (=we're switching license).

> > Not sure what you mean. Each application has its own ACL right? Or what
> > would be the problem? Can you expand on this point.
>
> Each application has its own class loader, but it doesn't have to be
> AdaptiveClassLoader ( the class loader is "pluggable" ), and in fact if
> you are running in a secure environment ( use sandbox, run untrusted apps
> ) it is better to use the 1.2 loader interceptor that plugs the
> unmodified URLClassLoader.
>
>
> If the untrusted apps can access AdaptiveClassLoader they may get
> additional permissions, like changing the class path, and also ACL
> doesn't implement the "Sealed" and other security attributes. That means
> code that assumes ACL is present may not run in all configurations.

Ah, I see. Well, I don't rely on the ACL. I rely only on *a* CL being set as
context classloader/app, that's all. I don't which one it is.  :-) Basically
I just keep a hashtable with the CL as key and the namespace as value.
Simple and works.

/Rickard




Mime
View raw message