Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 59951 invoked from network); 27 Dec 2006 10:15:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Dec 2006 10:15:37 -0000 Received: (qmail 60102 invoked by uid 500); 27 Dec 2006 10:15:41 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 60047 invoked by uid 500); 27 Dec 2006 10:15:41 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 60036 invoked by uid 500); 27 Dec 2006 10:15:41 -0000 Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org Received: (qmail 60033 invoked by uid 99); 27 Dec 2006 10:15:41 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Dec 2006 02:15:41 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Dec 2006 02:15:34 -0800 Received: by brutus.apache.org (Postfix, from userid 33) id F084D7142B6; Wed, 27 Dec 2006 02:15:13 -0800 (PST) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 40220] - Order of jar loading affects packaged resources In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20061227101513.F084D7142B6@brutus.apache.org> Date: Wed, 27 Dec 2006 02:15:13 -0800 (PST) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=40220 ------- Additional Comments From darryl@darrylmiles.org 2006-12-27 02:15 ------- The issue is straight forward and understood, I've come across it before and unfortunately dont have anything concrete to point at to indicate which behaviour is correct. The question that remains "Is it legal to have the same package existing in more than one source location on the classpath ?" If the specification is clear that all class loaders MUST perform an exhaustive search from all source locations. Then TCs current behaviour is wrong and needs to be fixed. Anything less than a "MUST" allows TC to consider current behaviour correct. Just thinking about this issue for a moment: * There maybe some securiry reasons why; when one one or more artifacts of a package are found on the classpath then it will look no more. This might stop a rouge application adding classes into java.util.* package and possibily picking up wildcard security policy for java.util.*. Especially in the case of Java Web Start / Applets, where one source location is the local JVM and another a remote JAR on the webserver. * There are also performance reasons why its not the default, if you are doing resource lookups and keep missing (resource not found), you are forcing a complete classpath search everytime. * I'd expect the behaviour of generic Java custom class loader may leave this policy open to allow things to go either way once the lookup has been delegated away from the system class loader (to ensure java.util.* security). My belief is that current behaviour can be considered correct. But if TC wanted to it could perform an exhaustive search within the web-app realm WEB-INF/{classes,lib} if it so wished to implement such a class loading policy. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org