On Thu, 15 Nov 2001, jean-frederic clere wrote: > > > Yes, but the question is what does it costs to setAttribute each time we process > > > a request even if the servlet does not do a getAttribute. > > > Yes, this is a good point. This suggests that we ought to just > > expose SSLSupport as a single attribute because it will be faster. > > Is that what you're saying? > > Yes, but now I am thinking that it only makes sense in mod_webapp (WARP) /mod_jk > (Ajp14) where the SSL informations are requested in a separate dialog step > between httpd and TC.
I think it makes sense for the other cases as well, since the evaluation ( construction of Cert, etc ) can be done only if needed ( i.e. lazy ). For Ajp14 you'll get an extra benefit if you don't even send it unless needed. On the other side, I'm not sure exposing SSLSupport as a req. attribute is very easy - we must thing about security. If SSLSupport will be recycled, which it should, then untrusted servlets should not be able to get a reference to it, otherwise they can hang on the reference and access informations on other webapps. And I see no need to have it visible to servlets. It can be stored as a private attribute ( note in 3.3 ), and that will also make the access faster. BTW, regarding JDK1.1 compatibility - I assume most of it will be done as a module ( you should have all the hooks you need ), and modules don't have to be 1.1 compatible. The only requirement is that people should be able to build and run a basic functional container using JDK1.1 - and we already have this. Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
