Tomcat 6.0.26 Context/privileged
Can someone clarify something about the Context element's privileged attribute in Tomcat 6.0? In Tomcat 5.5 setting privileged=true would set the application's parent class loader to the Catalina loader so that the app could access the server classes. The default is privileged=false and so normal apps don't see these classes. In Tomcat 6, if I understand the documentation, all the server class jars are handled by the common loader (which can see the server jars), and that means that in effect all applications are running as if privileged by default. More than that, even explicitly setting privileged=false won't switch this behaviour off. The only way to change that would be to move the server jars to another directory and modify the catalina.properties. Is that right, or am I missing something about how 6.0 deals with this? If this is the way things are, doesn't that mean that 6.0 is not in line with the Servlet API spec? --Pete - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.26 Context/privileged
From: peter_f...@blm.gov [mailto:peter_f...@blm.gov] Subject: Tomcat 6.0.26 Context/privileged that means that in effect all applications are running as if privileged by default. No, that's not how it works. The WebappClassLoader chooses which parent in the classloader hierarchy to delegate to, based on the privileged setting. By default, the WebappClassLoader skips over the common class loader, going right to the system classloader. Only privileged webapps get to use the common class loader. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.26 Context/privileged
I knew I had to have missed something. The documentation section that covers classloading isn't very clear and as far as I can see makes no mention of the privileged setting, and the section under Context configuration that describes the privileged setting is misleading (from your description I'd guess it wasn't updated properly from 5.5). Your answer makes things plainer. Thanks! Caldarale, Charles R Chuck.Caldarale@ To unisys.com Tomcat Users List users@tomcat.apache.org 05/07/2010 08:44 cc AM Subject RE: Tomcat 6.0.26 Please respond to Context/privileged Tomcat Users List us...@tomcat.apa che.org From: peter_f...@blm.gov [mailto:peter_f...@blm.gov] Subject: Tomcat 6.0.26 Context/privileged that means that in effect all applications are running as if privileged by default. No, that's not how it works. The WebappClassLoader chooses which parent in the classloader hierarchy to delegate to, based on the privileged setting. By default, the WebappClassLoader skips over the common class loader, going right to the system classloader. Only privileged webapps get to use the common class loader. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org