tomcat-dev mailing list archives

From cmanola...@yahoo.com
Subject Re: Tomcat & JNDI
Date Thu, 09 Nov 2000 16:35:17 GMT
> > > The latest jBoss release (see jboss.org for download) contains embedded
> > > Tomcat 3.2 integration and support for "java:comp/env" namespace where
> > > you can bind environment entries, resource references, and EJB
> > > references.
> >
> > All I can say is that I hate licenses.... ( GPL, Apache - all of them ).
> 
> Me too. So? What does this have to do with JNDI?

It has to do with what can be included and what can't be included in a
product. It would be nice if some of this code ( support for JNDI for
Tomcat ) could be contributed back to Tomcat, but it's GPL vs. Apache.


> > it should work in most cases.
> >
> > ( the problems are related to sandboxing and exposing only a minimal set
> > of information, AdaptiveClassLoader can also be replaced by
> > URLClassLoader in JDK1.2, etc)
> 
> Not sure what you mean. Each application has its own ACL, right? Or what
> would be the problem? Can you expand on this point?

Each application has its own class loader, but it doesn't have to be
AdaptiveClassLoader ( the class loader is "pluggable" ), and in fact if
you are running in a secure environment ( use sandbox, run untrusted apps
) it is better to use the 1.2 loader interceptor that plugs the
unmodified URLClassLoader. 


If the untrusted apps can access AdaptiveClassLoader they may get
additional permissions, like changing the class path, and also ACL
doesn't implement the "Sealed" and other security attributes. That means
code that assumes ACL is present may not run in all configurations.


Costin
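
The "Sealed" attribute mentioned in the message above, shown as an added example that is not part of the original post: an unmodified URLClassLoader refuses a class from a second jar once a jar has sealed the package. The names SealedDemo, demo.Trusted and demo.Intruder are constructed for illustration, and the program assumes a JDK (it uses the compiler API to build the two sample jars).

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.jar.*;
import javax.tools.*;

public class SealedDemo {
    // Compile one empty class in package "demo" and pack it into its own jar.
    // When sealed is true the manifest carries "Sealed: true" for the whole jar.
    static URL jar(String cls, boolean sealed) throws Exception {
        Path dir = Files.createTempDirectory("sealdemo");
        Path src = dir.resolve(cls + ".java");
        Files.write(src, ("package demo; public class " + cls + " {}")
                .getBytes(StandardCharsets.UTF_8));
        JavaCompiler jc = ToolProvider.getSystemJavaCompiler(); // null on a JRE-only install
        if (jc == null || jc.run(null, null, null, "-d", dir.toString(), src.toString()) != 0)
            throw new IllegalStateException("could not compile sample class " + cls);
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        if (sealed) mf.getMainAttributes().put(Attributes.Name.SEALED, "true");
        Path jar = dir.resolve(cls + ".jar");
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar), mf)) {
            out.putNextEntry(new JarEntry("demo/" + cls + ".class"));
            out.write(Files.readAllBytes(dir.resolve("demo").resolve(cls + ".class")));
            out.closeEntry();
        }
        return jar.toUri().toURL();
    }

    public static void main(String[] args) throws Exception {
        URL trusted = jar("Trusted", true);    // sealed jar that owns package "demo"
        URL intruder = jar("Intruder", false); // second jar adding a class to "demo"
        try (URLClassLoader cl = new URLClassLoader(new URL[] {trusted, intruder}, null)) {
            Class<?> t = cl.loadClass("demo.Trusted");
            System.out.println("package demo sealed: " + t.getPackage().isSealed());
            try {
                cl.loadClass("demo.Intruder");
                System.out.println("demo.Intruder loaded: sealing was not enforced");
            } catch (SecurityException e) {
                // URLClassLoader checks the code source against the seal base
                System.out.println("demo.Intruder rejected: " + e.getMessage());
            }
        }
    }
}
```

A pluggable loader that defines classes without recording the manifest's sealing information has no seal base to check against, so jars that rely on sealing should be tested under the loader actually configured.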



