On Sat, 23 Jun 2001, Craig R. McClanahan wrote:

> Servlet 2.3 PFD2, defines sensitive for the purposes of conformance:  J2SE
> and servlet API classes.

Well, that's not very good if you have a "sensitive" driver ( a native 
JDBC driver for example ) or similar. But if this is the definition -
it'll be even more interesting to watch :-)


> With your "delegate first" model, you are out of luck if someone *has*
> installed a shareable library (like an XML parser or a JDBC driver) into
> the common directory, and you need a different version.  Telling them "but
> you shouldn't do that" is not going to be satisfactory to all users.

Interesting example. First of all, if the admin is installing a particular
version of a JDBC driver - he probably has reasons to ( like the fact that
the database in use _needs_ that particular version - something a webapp
can't easily know ). Not to mention that the driver usually needs at least
permission to connect to the database ( if not JNI ). It'll be even more
fun to watch how the class loader deals with that ( do you grant
permission ? bad luck for security. Don't allow the user to override that 
particular driver - bad luck, you break the spec ).

Even for XML - if the server admin has installed a particular XML parser
in the common dir, he might have reasons to. Like an XML-based database, or
maybe XSLTC ( which requires extra permissions, again ) - things a webapp
can't control ( if it is portable ).


> Anyway, I'm not suggesting that you MUST implement something similar --
> I'm just suggesting that you would be nicer to your users if you
> anticipated some of the things that 2.3 does allow, and that are not
> specified in 2.2, to improve their migration experience.

I agree with that for most parts - for class loader I'm afraid I do not
know any way to implement the 2.3 requirement that does not compromise
security ( or risk other side-effects and the stability - class loaders
are extremely sensitive ), so I can't help. I'm sure smarter people will
prove I'm wrong ( since I believe the whole concept is broken ), and find
a solution to all those issues.

( the same as I was proved wrong regarding the facades :-)

Costin  

( sorry, this is interesting - but I have some work to do, I think we
already discussed this subject a few months ago, nothing important changed )
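
The two delegation orders argued over in this thread, as an added example that is not part of the original message and not Tomcat's code: a loader that looks in the webapp first and always delegates only an assumed list of "J2SE and servlet API" prefixes. The class name, the prefix list and the demo setup are hypothetical; it assumes the class is compiled with javac and run from a directory or jar.

```java
import java.net.URL;
import java.net.URLClassLoader;

// Hypothetical name; a sketch of a webapp-first loader, not Tomcat's implementation.
public class WebappFirstLoader extends URLClassLoader {
    // Assumed prefixes for "J2SE and servlet API classes": always taken from the parent.
    private static final String[] PARENT_ONLY = { "java.", "javax.servlet." };

    public WebappFirstLoader(URL[] webappUrls, ClassLoader parent) {
        super(webappUrls, parent);
    }

    private static boolean parentOnly(String name) {
        for (String p : PARENT_ONLY) if (name.startsWith(p)) return true;
        return false;
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        synchronized (getClassLoadingLock(name)) {
            Class<?> c = findLoadedClass(name);
            if (c == null && !parentOnly(name)) {
                try {
                    c = findClass(name);   // a copy inside the webapp shadows the common one
                } catch (ClassNotFoundException e) {
                    // not in the webapp; fall through to the parent
                }
            }
            if (c == null) c = super.loadClass(name, false); // standard delegate-first path
            if (resolve) resolveClass(c);
            return c;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed setup: this class's own location stands in for a library that is
        // present both in the common directory (parent) and in the webapp (child).
        URL here = WebappFirstLoader.class.getProtectionDomain().getCodeSource().getLocation();
        ClassLoader common = WebappFirstLoader.class.getClassLoader();
        WebappFirstLoader webapp = new WebappFirstLoader(new URL[] { here }, common);

        Class<?> shadow = webapp.loadClass("WebappFirstLoader");
        System.out.println("defined by webapp loader: " + (shadow.getClassLoader() == webapp));
        System.out.println("same class as common copy: " + (shadow == WebappFirstLoader.class));
        System.out.println("J2SE class delegated: " + (webapp.loadClass("java.lang.String") == String.class));
    }
}
```

The shadowing copy is defined by the webapp loader with the webapp's code source, so a policy grant written for the copy in the common directory does not cover it.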
