Jan-Florian Hilgenberg wrote:
thank you very much :-)
just one question is left: when you said "have to modify the jvm to support
uid/gid per thread"
do you mean, that we have to change something in the source code or what?
because, i have no idea how i have to setup such RMI things.
Just a Java dummy bumping in here.
I think that the (qualified) answer which you received previously
basically meant "no, you can't do that".
Modifying indeed the JVM to allow it to start a thread with a different
uid/gid, would probably be not trivial, specially considering all the
security aspects of ditto.
The "RMI thing" would mean, for instance, that you start a separate
server process under a separate JVM, running under the other uid/gid,
and then from your own server, you call these applications via Remote
Method Invocation.
Anyway, not something trivial for me, and maybe not anymore for you.
Another idea that could be tried however, assuming you really need to
run this application under another uid/gid :
- run 2 separate Tomcats :
- a Tomcat1 running under the "normal" uid/gid, and running the
standard applications
- a Tomcat2 running under the "special" uid/gid, only for this special
application
- install an Apache httpd as a front-end to your 2 Tomcat's
- use this front-end Apache httpd as a proxy to distribute the calls to
your two back-end Tomcats : the calls to this special app go to Tomcat
2, the calls to the other webapps go to Tomcat1.
As proxying module, you can use either one of mod_proxy (HTTP),
mod_proxy_ajp, or mod_jk.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
