On Sat, 26 Feb 2000, Craig R. McClanahan wrote:
>
> > [skipping the rhetoric, focusing on the details]
Sorry for the rhetoric. I hope at least it will be some time until someone
in the list hides again bad spec design under this vague 'bad OO
programming' cliche (which of course you, Craig, never did).
[..]
> In a 2.0-compatible servlet, I can execute the following code:
>
> Servlet myServlet = getServletContext().getServlet("myservletname");
> myServlet.destroy();
>
> and there is not a thing the servlet engine can do about it. How do you
> propose this protection be implemented?
That's a security hole that needs to be patched. Removing getServlet() is
like a doctor chopping the head off, for a headache.
> > although in principle, I also do not see why not a privileged
> > MasterServlet could not be authorised with loading and unloading other
> > servlets programmatically. Millions of people would kill for that.
> >
>
> That's sort of what JSP does, although it does not really unload the
> old servlet class when you recompile -- it creates a new one with a
> different name. There are significant restrictions (based on the way
> Java class loaders work) that limit the flexibility of a "master
> servlet" here.
Which [restrictions] are adressed I understand in latest specs where a
servlet cast is guaranteed, irrespective of class loaders. Hence, it can
be fixed.
[skipped general comments on team programming, etc. that do not remotely
prove that having real access to ServletContext is bad or wrong or
impossible should the spec designers decide to implement it]
> There is also a relevant cliche in English that is appropriate to this
> situation: "if the only tool you have is a hammer, every problem looks like a
> nail." Trying to use ANY architectural pattern (servlets in this case) to
> solve all your problems (shared data access) is a case in point.
And this is the bottom line, where I rest my case (for this thread:-): I
see servlets more like a swiss knife, than a hammer. But I respect and
value the other opinion and I understand that their actual usage will be
the real decision maker. I am just afraid they will soon fall into
oblivion if they continue to be used as glorified CGIs. JSP does this much
better.
Kostas
> [not interested in arguing philosophy, I skipped the rest ... I was only
> responding to several people's desire for a specific list of "what's wrong
> with getServlet()]
>
> Craig
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
