> Yes, o'course in production. In my mind - there is no place for this
> method in HttpServlet - it should throw the Exception. OK for
> GenericServlet, but this is Javasoft problem.
Maybe I don't understand, but I think it should be there on development/test
systems as well since you clearly want to capture such coding issues as soon
as possible. HttpServlet doesn't have an exit method. That's System, so
another class cannot throw an exception.
Java has a clear solution to this which is the base of their java security
architecture. It includes running JVMs with a security manager (the only
way to go imho). When done, System.exit() won't be alllowed unless you
grant that permission to the code. We don't allow code to call System.exit,
but we do allow shutdown hooks so that our code will know when we're being
shutdown using this basic policy statement (in our case, the app prefix is
'ssd'):
grant codeBase "file:${tomcat.home}/webapps/ssd/-" {
...
permission java.lang.RuntimePermission "shutdownHooks";
...
};
David
