tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Limits on the size of the web.xml file?
Date Mon, 03 Sep 2001 18:56:01 GMT

On Mon, 3 Sep 2001, Roland wrote:

> Date: Mon, 3 Sep 2001 15:15:36 -0300
> From: Roland <>
> Reply-To:
> To:
> Cc:
> Subject: Limits on the size of the web.xml file?
> Hello is there a limit to the size of the web.xml file?

There are no predefined limits -- the only limits will be indirect ones
based on how much JVM heap space it takes to represent the security
constraints, servlet mappings, and so on internal to the container.

> This is because if
> we want to have a large user database with say 500 users, and make a
> separate security constraint for each user to protect his directories from
> the other users we will have quite a large web.xml file.
> Each security constraint has 602 bytes(characters), that would make 500*602
> = 301000 bytes = 300 Kb(for 500 users).

>From an XML parsing perspective, or an in-memory perspective, 300kb isn't
much (I've run some large scale apps on gigabyte-memory machines :-).  But

> Any problems with that?
> What about the really large stuff(fortunately not our case)? If you would
> make a public Webmail and have say 1 000 000(one million) users?
> That would make 602 Million bytes = 602 Megabyte web.xml file. Quite large,
> isn't it ? :)))

Sounds like a redesign is more appropriate.

Memory issues aside, have you considered the fact that using individual
security constraints for each and every user means that you have to
restart the entire app every time you add a new user?  Or, that every time
you add a user and restart, the restart time gets longer and longer?

I suggest that you use security constraints to ensure things like "there
must be a logged on user".  You can also use roles to identify whether the
particular user is ordinary, or has administrative capabilities as well,
by defining a few roles.

Use application specific logic to ensure that a particular user can only
see things that are relevant to them (i.e.  their own mailbox in a
WebMail scenario).

> Thanks Roland

Craig McClanahan

View raw message