Hi, >To add another point to my earlier post: I'm not concerned with >malicious code like "System.exit(1)" because a custom SecurityManager >will take care of that. What worries me is the abuse of resources >causing the server to go low on resources and crash. Perhaps installing >a separate Tomcat instance for every application is a solution?
OK, now we're getting more realistic ;) A separate tomcat instance per application means much less worrying about them killing each other. Any one app can only damage itself. This is great from a security and stability perspective, but can be a nightmare to administer (although if you have a nice JMX console, you're in much better shape as you can configure it with all your tomcat instances and control them from one place). But since you're already handling some things with a custom security manager, and are only concerned with the resources, here's one additional possible approach. Create a listener (probably the tomcat-specific Lifecycle Listener), but can be a more portable ServletContextListener tied to the admin or manager webapps for example, or to a webapp that will always be present on your server. Have this listener spawn a (daemon) thread that monitors memory usage (via Runtime.freeMemory etc.), and when it drops below a certain percentage takes action. The action can be to notify the administrator, or do tomcat specific-things (like accessing the manager webapp programmatically to stop/restart/undeploy applications). You will not know which application is causing the problem. You also won't be able to monitor CPU usage, which is the problem in cases like infinite loops. But it's something. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
