Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 61206 invoked from network); 18 Dec 2009 18:59:27 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 18 Dec 2009 18:59:27 -0000 Received: (qmail 98631 invoked by uid 500); 18 Dec 2009 18:59:26 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 98557 invoked by uid 500); 18 Dec 2009 18:59:26 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 98546 invoked by uid 99); 18 Dec 2009 18:59:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Dec 2009 18:59:26 +0000 X-ASF-Spam-Status: No, hits=-2.6 required=5.0 tests=AWL,BAYES_00 X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [72.22.94.67] (HELO virtual.halosg.com) (72.22.94.67) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Dec 2009 18:59:18 +0000 Received: (qmail 21867 invoked from network); 18 Dec 2009 12:58:57 -0600 Received: from 38-171-19-72.skybeam.com (HELO ?192.168.1.42?) (72.19.171.38) by halosg.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 18 Dec 2009 12:58:57 -0600 Message-ID: <4B2BD127.9050002@hanik.com> Date: Fri, 18 Dec 2009 11:59:51 -0700 From: Filip Hanik - Dev Lists User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090814 Fedora/3.0-2.6.b3.fc11 Lightning/1.0pre Thunderbird/3.0b3 MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: Access GlobalNamingResources using javax.naming References: <4B29704D.40004@hanik.com> <427155180912161837p682b8e5dra00fc349a87814b5@mail.gmail.com> <4B2A465F.2040705@hanik.com> <427155180912181038n7584e98bxae95a04c02c45c30@mail.gmail.com> In-Reply-To: <427155180912181038n7584e98bxae95a04c02c45c30@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 12/18/2009 11:38 AM, Konstantin Kolinko wrote: > 2009/12/17 Filip Hanik - Dev Lists: > >> On 12/16/2009 07:37 PM, Konstantin Kolinko wrote: >> >>> I think, that in JNDI there is no such way >>> >> ok, maybe we can add in a namespace for that, such as >> InitialContext.lookup("global:"); >> and then have a config attribute allowGlobalLookup="true|false" to be >> backwards compatible >> >> > Why using does not satisfy you? > cause I'm hard to please ;) resourcelinks get tied up using thread bindings or class loader bindings. This makes java:comp/env/ not work for a background thread that was not loaded from web-inf/lib also, building custom tomcat components, that you define in server.xml, you may want to access through regular jndi and not have to import org.apache.catalina.Server to get to the global context > I would like all access to the global resources to be explicit. If you > need it, just add a, as documented. > http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html > > >> and then have a config attribute allowGlobalLookup="true|false" to be >> backwards compatible >> > How is that from Security stand point? > > I mean, it must be allowGlobalLookup="false" by default. > that is correct. Default behavior should be backwards compatible. on top of that, one can add in a new java.security permission to further control access using the security manager > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org > For additional commands, e-mail: dev-help@tomcat.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org