Thanks everybody for some excellent answers on the classloading topic. The security
issues are not something I had considered, in naturally thinking that 'look then
delegate' is the logical way to go.
On the issue of classpath ordering via my .properties file, I was thinking that it
would not break web-app compatiblity if used in the <tc_home>/lib directories, and
maybe such a facility is a candidate for for inclusion in the web.xml file in Servlet
spec 2.4 ... the need for this is always going to be present when library-providers
compile-in library files into their distributed .jar files.
However, you have got me all thinking on a wider scope about classpaths and
classloaders. I am going to do a few experiments over the next few weeks, and
investigate:
- 'look then delegate' hierarchy
- 'delegate then look' hierarcy
- mixture of the above two
- security implications of the above
- administration mechanisms to specify ordering in a particular classloader
- maybe even some kind of tool along the lines of:
"show me all your classloaders, and tell me what classes are accessible to you"
that offered some kind of heuristics to pinpoint possible problems.
On the basis of these investigations, I may decide to contribute some code to the
Tomcat codebase. I'll keep you posted!
cheers,
David.
----
David Bullock - http://www.lisasoft.com/
Sun Certified Programmer for Java 2
"The key ingredients of success are a crystal-clear goal, a realistic attack plan to
achieve that goal, and consistent, daily action to reach that goal."
Steve Maguire, "Debugging the Development Process".
