All, The root cause of bug 40770[1] is that the default catalina.policy file does not permit reflection on the Tomcat facade classes which are exposed to applications as HttpServletRequest, HttpSession etc.
The necessary permissions to enable reflection can only be granted per package. Granting these permissions on the packages where the Facade classes currently reside would expose large sections of Tomcat internals. I therefore propose moving the following classes to a new package, o.a.c.facade RequestFacade ResponseFacade ApplicationContextFacade StandardWrapperFacade StandardSessionFacade This move will allow the permissions in catalina.policy to be set to allow reflection on this package. The impact on spec compliant web applications should be zero. Web applications that depend on Tomcat internals may have issues. My intention would be to make this change in 5.5.x and 6.0.x. If the risk of breaking existing applications that depend on Tomcat internals is considered too great than an alternative (based on how log4j dealt with the Category to Logger move) is to create new classes in the o.a.c.facade package that extend the existing ones. All the internal Tomcat code can be changed to refer to the new classes but any existing code that tries to use the old ones will still work. Thoughts? Comments? Objections? Mark [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=40770 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
