What you say is all correct.  But some basic security policy protecting
the integrity of the JVM could be embedded as part of the Tomcat distribution.
Because how many questions are we getting on the "system": JVM
unexpectedly crashing.  And in real life many companies *should*
but really *do* have one system which is dev, test and prod.
Especially now with all the downsizing.
Anyways, this is nothing against Tomcat.  It is an excellent system.
R/L



----- Original Message -----
From: "David Wall" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 13, 2001 7:15 PM
Subject: Re: Tomcat as Service Crashing.


> > Yes, o'course in production. In my mind - there is no place for this
> > method in HttpServlet  - it should throw the Exception.  OK for
> > GenericServlet, but this is Javasoft problem.
>
> Maybe I don't understand, but I think it should be there on
> development/test systems as well since you clearly want to capture such
> coding issues as soon as possible.  HttpServlet doesn't have an exit
> method.  That's System, so another class cannot throw an exception.
>
> Java has a clear solution to this which is the base of their Java security
> architecture.  It includes running JVMs with a security manager (the only
> way to go imho).  When done, System.exit() won't be allowed unless you
> grant that permission to the code.  We don't allow code to call
> System.exit, but we do allow shutdown hooks so that our code will know
> when we're being shut down using this basic policy statement (in our case,
> the app prefix is 'ssd'):
>
> grant codeBase "file:${tomcat.home}/webapps/ssd/-" {
> ...
>       permission java.lang.RuntimePermission "shutdownHooks";
> ...
> };
>
> David
>
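As an added example (not code from the thread or from Tomcat), the following program checks what a policy file like the one quoted above actually grants to the webapp codeBase, by loading the policy through the standard `Policy.getInstance("JavaPolicy", ...)` API and asking it for the permissions of a given code source. It assumes a Unix-like path layout and a JDK from 8 up to 23, since the Security Manager and Policy APIs were deprecated in JDK 17 and permanently disabled in JDK 24; the policy text, the `${tomcat.home}` temp directory and the jar paths are constructed for the demo.

```java
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.URIParameter;
import java.security.cert.Certificate;

/** Evaluates the quoted grant block offline, without installing a security manager. */
public class ExitPolicyCheck {

    // Constructed policy mirroring the quoted grant: shutdownHooks only, no exitVM permission.
    static final String POLICY =
          "grant codeBase \"file:${tomcat.home}/webapps/ssd/-\" {\n"
        + "    permission java.lang.RuntimePermission \"shutdownHooks\";\n"
        + "};\n";

    public static void main(String[] args) throws Exception {
        Path home = Files.createTempDirectory("tomcat-home");  // stands in for ${tomcat.home}
        System.setProperty("tomcat.home", home.toString());    // policy parser expands ${tomcat.home}
        Path policyFile = home.resolve("ssd.policy");
        Files.write(policyFile, POLICY.getBytes(StandardCharsets.UTF_8));

        // Load exactly this file, not the JDK's default policy.
        Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toUri()));

        // Hypothetical code sources: one inside the granted codeBase, one outside it.
        URL ssdJar   = new URL("file:" + home + "/webapps/ssd/WEB-INF/lib/ssd.jar");
        URL otherJar = new URL("file:" + home + "/webapps/other/WEB-INF/lib/other.jar");

        report(policy, ssdJar,   new RuntimePermission("exitVM.0"));      // denied: System.exit(0)
        report(policy, ssdJar,   new RuntimePermission("shutdownHooks")); // granted
        report(policy, otherJar, new RuntimePermission("shutdownHooks")); // denied: other codeBase
    }

    /** True if the policy grants `perm` to code loaded from `codeBase`. */
    static boolean granted(Policy policy, URL codeBase, Permission perm) {
        PermissionCollection pc = policy.getPermissions(new CodeSource(codeBase, (Certificate[]) null));
        return pc.implies(perm);
    }

    static void report(Policy policy, URL codeBase, Permission perm) {
        System.out.printf("%-14s for %s: %s%n", perm.getName(), codeBase,
                          granted(policy, codeBase, perm) ? "GRANTED" : "denied");
    }
}
```

This evaluates only the policy file; at runtime the launcher additionally grants `exitVM.*` to classes on the application class path, so the denial applies to webapp classes loaded by Tomcat's web application class loader rather than to code started directly from the class path.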
