On 17/09/18 22:13, Christopher Schultz wrote:
> Mark,
> 
> On 9/17/18 08:34, Mark Thomas wrote:
>> On 17/09/18 10:50, Konstantin Kolinko wrote:
> 
>> <snip/>
> 
>>> Implementing auto-reloading has a caveat: there is a race
>>> condition between an editor (that is used to update the file) and
>>> Tomcat. It may be that Tomcat will try to read an incompletely
>>> written file.
>>>
>>> Also using a SAX parser + Digester, it does not check whether the
>>> XML file is well-formed beforehand. It stops on the first
>>> encountered error, but side effects from whatever methods it has
>>> called thus far will be visible.
> 
>> There is some code that handles a similar case for updated WAR
>> files. We should be able to make that generic and re-use it here.
> 
> Also, when using SAX+digester, a new object should be created for the
> user database and only brought into service when it's been completely
> (and properly) loaded. I wouldn't suggest reading the XML directly
> into the live structure.
> 
> I'm not saying that's how the code IS written... just saying how it
> ought to be written, given your concerns for such a race-condition.

Ideally, yes. Unfortunately that would require some additional
refactoring. I think I'll go for the simpler option of clearing the
users, roles and groups if there is an error. The lock that is now in
place will ensure the data isn't used during the load.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
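
The two approaches discussed in this thread, side by side, as an added example (not Tomcat's code and not written by anyone in the thread): `reloadWithSwap` parses into a fresh map and brings it into service only after a complete parse, while `reloadInPlace` loads under the lock and clears everything on error. The class, its method names, the plain-map data model and the sample XML are hypothetical.

```java
import java.io.StringReader;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

// Hypothetical stand-in for a file-backed user database; not Tomcat's class.
public class UserDbReloadDemo {
    private Map<String, String> users = new HashMap<>(); // guarded by "this"
    // Option 1: parse into a scratch map outside the lock, swap only on success.
    public boolean reloadWithSwap(String xml) {
        Map<String, String> fresh = new HashMap<>();
        if (!parse(xml, fresh)) return false;   // live data untouched on error
        synchronized (this) { users = fresh; }  // readers see old or new, never partial
        return true;
    }

    // Option 2: load into the live map while holding the lock, clear on error.
    public synchronized boolean reloadInPlace(String xml) {
        users.clear();
        boolean ok = parse(xml, users);
        if (!ok) users.clear();                 // drop the partial load: fail closed
        return ok;
    }
    public synchronized int size() { return users.size(); }

    // SAX stops at the first error; entries seen before it are already in target.
    private static boolean parse(String xml, Map<String, String> target) {
        DefaultHandler h = new DefaultHandler() {
            @Override public void startElement(String uri, String ln, String qName, Attributes a) {
                if ("user".equals(qName)) target.put(a.getValue("username"), a.getValue("roles"));
            }
        };
        try {
            SAXParserFactory.newInstance().newSAXParser().parse(new InputSource(new StringReader(xml)), h);
            return true;
        } catch (Exception e) { return false; }
    }

    public static void main(String[] args) {
        String good = "<tomcat-users><user username='a' roles='admin'/><user username='b' roles='dev'/></tomcat-users>";
        String cut = "<tomcat-users><user username='c' roles='admin'/><user usern"; // constructed: file caught mid-write
        UserDbReloadDemo db = new UserDbReloadDemo();
        db.reloadWithSwap(good);
        System.out.println("swap:     ok=" + db.reloadWithSwap(cut) + " users=" + db.size());
        System.out.println("in-place: ok=" + db.reloadInPlace(cut) + " users=" + db.size());
    }
}
```

After the truncated input, the swap variant still serves the two previously loaded users, while the in-place variant ends with an empty database, so authentication fails until a good file is read.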