Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 54005 invoked from network); 2 Apr 2002 20:26:10 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 2 Apr 2002 20:26:10 -0000 Received: (qmail 4243 invoked by uid 97); 2 Apr 2002 20:26:08 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 4226 invoked by uid 97); 2 Apr 2002 20:26:07 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 4201 invoked from network); 2 Apr 2002 20:26:07 -0000 Message-ID: <014b01c1da84$addc2ab0$6501a8c0@apache.org> From: "Remy Maucherat" To: "Tomcat Developers List" References: <3CA8D165.5030100@sun.com> Subject: Re: Another proposal for java.ext.dirs Date: Tue, 2 Apr 2002 12:26:13 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Rating: localhost.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N > All, > > I admit my previous method for protecting Tomcat from conflicting system > extensions proved to be a bit flawed. However, I still would like to > add some protection against these conflicts since this tends to be a > difficult to diagnose problem for a lot of new Tomcat users. On the > other hand, I don't think we want to prevent knowledgable users from > using their installed extensions to support their installation. > > So, here is what I propose. Note that I am in favor of checking the > installed extensions so this proposal should be complimentary to any > checking that might be implemented in the Tomcat code: > > 1. Add the following to each Java execution line in the wrapper scripts: > > Unix: > -Djava.ext.dirs="$JAVA_EXT_DIRS" > Windows: > -Djava.ext.dirs="%JAVA_EXT_DIRS%" > > 2. Add the following lines in setclasspath.bat and setclasspath.sh: > > Unix: > if [ -z "$JAVA_EXT_DIRS" ]; then > echo "Disabling installed Java extensions. Set the" > echo "JAVA_EXT_DIRS environment variable to the following > value" > echo "to enable installed Java extensions:" > echo " $JAVA_HOME/jre/lib/ext" > fi > Windows: > if not "%JAVA_EXT_DIRS%" == "" goto gotJavaExtDirs > echo Disabling installed Java extensions. Set the > echo JAVA_EXT_DIRS environment variable to the following value > > echo to enable installed Java extensions: > echo %JAVA_HOME%\jre\lib\ext > :gotJavaExtDirs > > 3. If the user does not defined JAVA_EXT_DIRS (the default case), the > java.ext.dirs property is set to "" and the above status message is > printed. Then, if the user defines JAVA_EXT_DIRS, the existing > behavior is enabled. > > Since new Tomcat users primarily use the installed scripts, this is a > good way to protect Tomcat without preventing other custom scripts or > launchers from enforcing a different standard. > > Does this sound like a reasonable approach? It would be nice to have > this property setting in the Bootstrap.java class, but unfortunately, > you must set the java.endorsed.dirs property when the JVM is started as > it is immediately put in the JVM's bootstrap classpath. As Costin mentioned, it's not necessarily a good idea because of the complexity issue; this is similar to what is done to ignore the classpath. Remy -- To unsubscribe, e-mail: For additional commands, e-mail: