Return-Path: <rickard@telkel.com>
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 77351 invoked from network); 9 Nov 2000 16:55:23 -0000
Received: from fep01.swip.net (HELO fep01-svc.swip.net) (130.244.199.129)
  by locus.apache.org with SMTP; 9 Nov 2000 16:55:23 -0000
Received: from mobile ([212.151.0.33]) by fep01-svc.swip.net
          (InterMail vM.5.01.01.01 201-252-104) with SMTP
          id <20001109165455.NOU27973.fep01-svc.swip.net@mobile>
          for <tomcat-dev@jakarta.apache.org>;
          Thu, 9 Nov 2000 17:54:55 +0100
Message-ID: <003301c04a6e$17d580e0$6218010a@home>
From: "Rickard Oberg" <rickard@telkel.com>
To: <tomcat-dev@jakarta.apache.org>
References: <Pine.LNX.4.21.0011090828440.29448-100000@costin>
Subject: Re: Tomcat & JNDI
Date: Thu, 9 Nov 2000 17:57:07 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

Hey


> > > > The latest jBoss release (see jboss.org for download) contains
embedded
> > > > Tomcat 3.2 integration and support for "java:comp/env" namespace
where
> > > > you can bind environment entries, resource references, and EJB
> > > > references.
> > >
> > > All I can say is that I hate licenses.... ( GPL, Apache - all of
them ).
> >
> > Me too. So? What does this have to do with JNDI?
>
> It has to do with what can be included and what can't be included in a
> product. It would be nice if some of this code ( support for jndi for
> tomcat ) could be contributed back to tomcat, but it's GPL vs. Apache.

No problemo. The GPL issue is being resolved (=we're switching license).

> > Not sure what you mean. Each application has its own ACL right? Or what
> > would be the problem? Can you expand on this point.
>
> Each application has its own class loader, but it doesn't have to be
> AdaptiveClassLoader ( the class loader is "pluggable" ), and in fact if
> you are running in a secure environment ( use sandbox, run untrusted apps
> ) it is better to use the 1.2 loader interceptor that plugs the
> unmodified URLClassLoader.
>
>
> If the untrusted apps can access AdaptiveClassLoader they may get
> additional permissions, like changing the class path, and also ACL
> doesn't implement the "Sealed" and other security attributes. That means
> code that assumes ACL is present may not run in all configurations.

Ah, I see. Well, I don't rely on the ACL. I rely only on *a* CL being set as
context classloader/app, that's all. I don't which one it is.  :-) Basically
I just keep a hashtable with the CL as key and the namespace as value.
Simple and works.

/Rickard