On Tue, 2007-06-19 at 12:17 -0700, Bryan Atsatt wrote: > But you are right, of course, that there exist more complex scenarios > that require an intermediate form of sharing. Your named domains seems > to satisfy that requirement. Can you restrict access to domains? >
Not really. We assume that if you have "createClassLoader" permission then you can modify the classloading structure however you like. > And, as you know, even *within* an application, web-modules need to be > isolated. So the private repository approach breaks down a bit here, or > must be taken to the extreme of a single module repository instance. > This is where an access control model might be a better solution. The big issue with web-apps is their "load locally first". This gets people into all sorts of trouble when they start adding random things to WEB-INF/lib that is also visible elsewhere in the application. e.g. You add commons logging to an ear and then put it in WEB-INF/lib of a war also in the ear Ideally you'd want them to share the same classes, but sometimes it is done this way so each webapp can have its own singletons. -- xxxxxxxxxxxxxxxxxxxxxxxxxxxx Adrian Brock Chief Scientist JBoss, a division of Red Hat xxxxxxxxxxxxxxxxxxxxxxxxxxxx