Remy Maucherat wrote:
> Costin Manolache wrote:
>
>> Glenn Nielsen wrote:
>>
>>> <ballot>
>>> [ ] commit XML Policy source to jakarta-tomcat-4.0 HEAD
>>>     and include it in future release of Tomcat 4.1.x
>>> [X] commit to CVS but don't add to the next release
>>> [ ] create a Tomcat 4.2 development branch and commit there (Ugh!)
>>> [ ] -1 Don't commit to CVS (Please explain why)
>>> </ballot>
>>
>> I'm -0 on adding yet another config file - WEB-INF/policy.xml is also
>> strange as webapps ( which shouldn't be trusted ) get to set the security
>> policy. This is very tricky - and will need a lot of review.
>>
>> However I'm -1 on adding deps on castor and doing schema validations - at
>> least at this stage ( and after the experience we had with web.xml
>> schemas ). Castor is very nice, but is also a big thing.
>>
>> The current policy file is standard and likely to be understood by tools.
>> XML may be in theory easier, however I doubt too many tools understand
>> this particular DTD. So I prefer keeping the current file format as
>> default, at least until a standard security policy DTD is defined
>> ( standard == we're not the only ones using it :-).
>>
>> If you need this functionality - I would propose making it a separate
>> module ( sort of add-on to tomcat ), instead of bundling it with tomcat
>> by default.
>
> I'd commit it as a module for now, and work from there.

I'm not sure what it means to commit something as a module to Tomcat.
The support for XML policy files is only built in if you configure
your build.properties to do so. Is that what a module means?

> If we could avoid having to use Castor XML for parsing, that would be nice.

I have used Castor for XML Schema support in several projects. I just find
that Castor makes use of XML Schemas much easier. And XML Schemas are
a significantly better solution than DTD's for validating XML.

Regards,

Glenn