2012/11/15 Duc Trung TRAN <ductrung.t...@gmail.com>: > Konstantin, > > Does it means it's a bad thing to use jsp as templating inside a webapp?
It is bad thing to bundle Tomcat components inside web applications. You should never do that. [1] should explain why. [1] and [2] should explain why things are different between 5.5 and 6.0&7.0. [1] http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html [2] http://tomcat.apache.org/migration-6.html#Shared_libraries > And it's normal that it breaks *other* applications but not the application > itself? I would expect the opposite scenario. Use a SecurityManager and you will get that "opposite scenario". In 5.5 the server components are more isolated from the web applications, due to having a separate "server" classloader. It was considered a waste, because it does not provide any security by itself unless you really run with a SecurityManager. Note that in Tomcat 6 & 7 (and in Tomcat 5.5 in webapps that have <Context privileged="true">) the server classes are directly visible from the webapp. There is no need to bundle such jars in your application. > 2012/11/15 Konstantin Kolinko <knst.koli...@gmail.com> > >> 2012/11/14 Christopher Schultz <ch...@christopherschultz.net>: >> > >> >> Do you have any idea why old jasper-compiler (used inside an >> >> application) provoke errors to other applications? Is it a bug? Or >> >> is there some additional config to make it works? >> > >> > Oh, this breaks *other* applications? There may be some weirdness, >> > here, because Tomcat internals might be polluted by classes loaded >> > from a particular webapp. That definitely shouldn't happen if we can >> > help it. >> > >> >> It is a feature. >> >> If your webapps are bad citizens and do stupid things or you need >> protection from them, run with SecurityManager being enabled. >> >> Unless you run with SecurityManager, there is no protection against >> any webapp messing up with Tomcat internals, Java internals, or >> messing up with your operating system as a whole (limited only by the >> rights that tomcat user has). >> >> Note that if you run with SecurityManager, you have to pay the >> performance price for all those little checks that it does. >> >> >> Best regards, >> Konstantin Kolinko >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
