Larry Isaacs wrote: > > >> -----Original Message----- >> From: Costin Manolache [mailto:[EMAIL PROTECTED]] >> Sent: Wednesday, September 25, 2002 9:21 AM >> To: [EMAIL PROTECTED] >> Subject: RE: [POLL] Tomcat 3.3.2 updates >> >> >> Larry Isaacs wrote: >> >> >> > A first pass implementation, derived from what you have >> > done, can be found here: >> > >> > <http://jakarta.apache.org/~larryi/JmxSupport.war> >> >> Great ! >> >> However, I remain to the opinion that JMX is a fundamental >> API that should be available to all applications, and it >> should provide it's own (trusted) security. >> >> If anything, we should try to 'hack' mx4j to provide app >> isolation or fix whatever is broken. > > Most of the time I have spent playing with JMX occurred > in the last couple of days. So that I don't misunderstand, > can you elaborate what you mean by "isolation". Are you > referring to some kind of username, and maybe rolls, that > somehow control what you can and can't see on the Mbean > server?
1. It should be possible to have multiple jmx-enabled webapps, each with a number of MBeans. 2. Webapps shouldn't be able to 'see' each other or to see the container domain. 3. The (jmx) connectors must be shared ( you can't have one SNMP or http adapter for each app ) AFAIK this will probably require some jmx implementation specific code, since the jmx itself doesn't seem to have anything to help. ( this is common for all containers ) >> >> Think about it - each app can expose config and status >> data to the mx layer, and the config app ( or another >> tool ) can manage not only tomcat, but also each webapp. >> JMX is not restricted to server code, it can ( and should) >> be used in user apps as well. And that's where things >> will be intersting. > > For now, we could continue to include the JMX jars in > lib/container and update LoaderInterceptor11 to have > "jmx", "jmxDir", and "jmxJars" attributes which work > like the JAXP handling. Do you see doing more than > this at this point? +1 Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
