Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 25518 invoked from network); 1 Apr 2002 21:32:04 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 1 Apr 2002 21:32:04 -0000 Received: (qmail 2882 invoked by uid 97); 1 Apr 2002 21:32:01 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 2866 invoked by uid 97); 1 Apr 2002 21:32:00 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 2851 invoked from network); 1 Apr 2002 21:32:00 -0000 Message-ID: <3CA8D165.5030100@sun.com> Date: Mon, 01 Apr 2002 13:30:13 -0800 From: Patrick Luby User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:0.9.4.1) Gecko/20020315 Netscape6/6.2.2 X-Accept-Language: es,en MIME-Version: 1.0 To: tomcat-dev@jakarta.apache.org Subject: Another proposal for java.ext.dirs Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N All, I admit my previous method for protecting Tomcat from conflicting system extensions proved to be a bit flawed. However, I still would like to add some protection against these conflicts since this tends to be a difficult to diagnose problem for a lot of new Tomcat users. On the other hand, I don't think we want to prevent knowledgable users from using their installed extensions to support their installation. So, here is what I propose. Note that I am in favor of checking the installed extensions so this proposal should be complimentary to any checking that might be implemented in the Tomcat code: 1. Add the following to each Java execution line in the wrapper scripts: Unix: -Djava.ext.dirs="$JAVA_EXT_DIRS" Windows: -Djava.ext.dirs="%JAVA_EXT_DIRS%" 2. Add the following lines in setclasspath.bat and setclasspath.sh: Unix: if [ -z "$JAVA_EXT_DIRS" ]; then echo "Disabling installed Java extensions. Set the" echo "JAVA_EXT_DIRS environment variable to the following value" echo "to enable installed Java extensions:" echo " $JAVA_HOME/jre/lib/ext" fi Windows: if not "%JAVA_EXT_DIRS%" == "" goto gotJavaExtDirs echo Disabling installed Java extensions. Set the echo JAVA_EXT_DIRS environment variable to the following value echo to enable installed Java extensions: echo %JAVA_HOME%\jre\lib\ext :gotJavaExtDirs 3. If the user does not defined JAVA_EXT_DIRS (the default case), the java.ext.dirs property is set to "" and the above status message is printed. Then, if the user defines JAVA_EXT_DIRS, the existing behavior is enabled. Since new Tomcat users primarily use the installed scripts, this is a good way to protect Tomcat without preventing other custom scripts or launchers from enforcing a different standard. Does this sound like a reasonable approach? It would be nice to have this property setting in the Bootstrap.java class, but unfortunately, you must set the java.endorsed.dirs property when the JVM is started as it is immediately put in the JVM's bootstrap classpath. Thanks, Patrick ________________________________________________________________ Patrick Luby Email: patrick.luby@sun.com Sun Microsystems Phone: 408-276-7471 901 San Antonio Road, USCA14-303 Palo Alto, CA 94303-4900 ________________________________________________________________ -- To unsubscribe, e-mail: For additional commands, e-mail: