tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Ludwig <mil...@gmx.de>
Subject Re: Re: Tomcat 6 unstable
Date Tue, 25 Nov 2008 22:23:29 GMT
Caldarale, Charles R schrieb am 24.11.2008 um 21:51:33 (-0600):
> > From: Michael Ludwig [mailto:milu71@gmx.de]
> 
> > Could web app Foo, which brings its own DB2 driver - in spite
> > of the same driver already offered by the common.loader or
> > the bootstrap.loader, by this very fact jeopardize other web
> > applications running in the same container, which rely on the
> > DB2 driver offered by the "common.loader"?
> >
> > Or would web app Foo only harm itself?
> 
> If an object originating in a webapp classloader is passed to code
> from a more global classloader, and then another webapp accesses that
> object, it will not be castable to any type the second webapp has
> access to. (Class myPackage.MyClass loaded by classloader A is not the
> same type as myPackage.MyClass loaded by classloader B.)

That's an interesting fact, and good to know.

The very fact that object leak from one web app into another is a
possibility seems to constitute a strong argument in favour of strict
monitoring, be it only to shield oneself from errors that might be
difficult to track down.

> > Does this mean web apps have to be monitored for the classes they
> > make available in order to make sure none of them has already been
> > made available via the common.loader?
> 
> If a webapp minds its own business, there shouldn't be a problem.  If
> it tries to use Tomcat's DB connection pooling (or logging, or some
> other shared mechanism), but insists on providing its own copy of the
> shared classes, then there are likely to be problems.  (This is a
> problem with servlet containers - not just Tomcat - because it breaks
> the standard Java classloading model of always delegating upwards.  As
> mentioned before, this breaking is pretty much required by the servlet
> spec.)

May I rephrase this into there being a duty for the Tomcat admin to
enforce none of the web apps loaded into his container supply a library
that the container itself already supplies?

Michael Ludwig

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message