tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <>
Subject Re: POJO Application Server for Tomcat
Date Mon, 20 Aug 2007 08:20:19 GMT

----- Original Message ----- 
From: "Smith Norton" <>
To: "Tomcat Developers List" <>
Sent: Monday, August 20, 2007 7:05 AM
Subject: Re: POJO Application Server for Tomcat

>I am still waiting for this response. Could you please tell us why is
> this specific to Tomcat?

Sorry I live on the other side of the world, I was sleeping ;)
In theory, its not, its a servlet and thus should run on any servlet 
container, but its one hell of a servlet, and internally there is some 
serious class loader stuff going on. A little like having Tomcat run inside 
Tomcat, if that makes sense. It also uses TC's security setup and thats 
preconfigured in WEB.xml and I imagine a little different on other 
containers, so users may find that a hassle factor.

It's certified for Tomcat really just because thats the only servlet 
container we use... and my way of giving back, yes I do want new comers to 
come to the TC mailing lists. Or let me say it this way, I could have taken 
the tomcat code and combined it with this servlet internally and then given 
it the name of some fish, but I wanted all credits to come back to TC for 
the servlet container... so maybe its just misguided loyalty ;)

But there is a technical reason as well, when class loaders run inside class 
loaders, or class loaders run inside another container, it really brings out 
issues with the underlying class loaders inside a container.  So I feel it 
should be tested carefully on any other servlet container.
I havnt tested on other servlet containers, because I think half of them run 
on TC code anyway, not much of a test, but if you want to see a container 
fail, try make WebStart use an RMI program, or a program that has its own 
class loaders... it will likely fail.
When testing I actually ran TC from the source and traced into TC just to 
make sure classloaders were doing the right thing, they do, fortunately.

So there is a degree of caution, and a whole lot of loyalty ;)
By all means if you use something else, try it.... but I do have a feeling 
the security side may need a rework of the configuration, and may not work 
at all because it twists normal web security to protect classes, so that one 
can protect access to their applications.

> On 8/20/07, Lilianne E. Blaze <> wrote:
>> Hello,
>> Be more specific please? What problems does it solve?
>> How is that specific to Tomcat, instead of just any servlet container?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message