tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kief Morris <>
Subject Re: [PROPOSAL] Tomcat 4.0-beta API Change: Security Manager Facades
Date Fri, 19 Jan 2001 22:40:34 GMT
Craig R. McClanahan typed the following on 02:00 PM 1/19/2001 -0800
>For each Servlet API interface that represents an internal Catalina object
>exposed to an application object, create a new
>org.apache.catalina.facade.XxxxxFacade class according to the following basic
>* Pass the internal object to the constructor (the facade
>  will be a wrapper around it).
>* Implement the appropriate servlet API interface (so the
>  facade object can be passed to application components)
>* For each public method in the interface, implement a doPrivileged
>  block that calls the corresponding method on the underlying
>  internal Catalina object.

Sounds cool. If the application doesn't use the security manager,
will the object simply continue "raw" without being wrapped by
the facade to avoid the added overhead? e.g:

// Raw session
Session mySession = whatever;

if (security_enabled) {
    mySession = new SessionFacade (mySession);

// Raw or facade session, doesn't really matter


View raw message