The only similarity I could come up with, is there are some providers offering shared Tomcat hosting, where they front-end Tomcat with Apache HTTP Server or another solution to proxy the web context into what you want. They offer their own front-end for uploading your web app, so the use never has admin access to Tomcat. But for a Java EE server, I'm not aware of any such hosting of shared app severs.
Seems that for now, multiple server instances each with its own repo would be a viable solution. If we have hosting providers interested in sharing a single instance between customers, then we need them to chime in on the user/dev list with their requirements and scenarios.
I could see where requiring admin credentials to access the kernel and other GBeans would be a welcomed solution for even some enterprise users, but we really need to here from our users on this....
-Donald Vamsavardhana Reddy wrote:
I have always felt that Geronimo won't be suitable for a hosting kind of environment where applications owned by unrelated parties may be hosted on the same server (does such a thing happen in reality?). Irrespective of this, GBeans permissions appears to be something we can consider to have. The following is an excerpt from a private conversation I had with David Jencks on IRC. Read on...*vamsic007:* The usability of Geronimo in a hosting kind of environment has always bothered me.*djencks :* how?*vamsic007:* Any application running in G can get hold of any other application related GBeans and do what ever*vamsic007:* Any app can stop any configuration it wishes to*djencks :* realistically does anyone run apps from unrelated people on the same server?*vamsic007:* won't that be the situation in a hosting environment? *djencks :* I don't know*djencks :* I would expect if I rent server space I'd probably get my own vm*djencks :* but I'm not a hosting company *vamsic007:* hmm...*vamsic007:* will have to find out if my concern is genuine or I am worried unnecessarily. *vamsic007:* I always thought that we should have a mechanism to enforce GBean permissions.*djencks :* I can see several places gbean permissions could work *djencks :* 1. getting gbean from kernel. This is pretty non-intrusive*djencks :* 2. actually calling operations/accessing attributes on a gbean. I think this would require putting proxies back in *djencks :* there's also a bootstrap question of what enforces the permissions until the jacc system is operational *djencks :* since e.g datasources bound in jndi end up calling a gbean operation to get the datasource, this would have a lot of intersection with the normal server operations *vamsic007:* May be I will initiate a discussion on this on [EMAIL PROTECTED] to get others inputs too. I do not want to go on dev-list coz it is related to security and do not want to make the users feel insecure unnecessarily. *djencks :* I'd prefer to talk about it on dev, I think we could use all the input we can get.*vamsic007:* thanks David.Comments? Suggestions? Am I worried unnecessarily? Are GBean permissions something that we should consider?Thank you. ++Vamsi
smime.p7s
Description: S/MIME Cryptographic Signature
