----- Original Message -----
From: "Smith Norton" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <dev@tomcat.apache.org>
Sent: Monday, August 20, 2007 7:05 AM
Subject: Re: POJO Application Server for Tomcat
I am still waiting for this response. Could you please tell us why is
this specific to Tomcat?
Sorry I live on the other side of the world, I was sleeping ;)
In theory, its not, its a servlet and thus should run on any servlet
container, but its one hell of a servlet, and internally there is some
serious class loader stuff going on. A little like having Tomcat run inside
Tomcat, if that makes sense. It also uses TC's security setup and thats
preconfigured in WEB.xml and I imagine a little different on other
containers, so users may find that a hassle factor.
It's certified for Tomcat really just because thats the only servlet
container we use... and my way of giving back, yes I do want new comers to
come to the TC mailing lists. Or let me say it this way, I could have taken
the tomcat code and combined it with this servlet internally and then given
it the name of some fish, but I wanted all credits to come back to TC for
the servlet container... so maybe its just misguided loyalty ;)
But there is a technical reason as well, when class loaders run inside class
loaders, or class loaders run inside another container, it really brings out
issues with the underlying class loaders inside a container. So I feel it
should be tested carefully on any other servlet container.
I havnt tested on other servlet containers, because I think half of them run
on TC code anyway, not much of a test, but if you want to see a container
fail, try make WebStart use an RMI program, or a program that has its own
class loaders... it will likely fail.
When testing I actually ran TC from the source and traced into TC just to
make sure classloaders were doing the right thing, they do, fortunately.
So there is a degree of caution, and a whole lot of loyalty ;)
By all means if you use something else, try it.... but I do have a feeling
the security side may need a rework of the configuration, and may not work
at all because it twists normal web security to protect classes, so that one
can protect access to their applications.
On 8/20/07, Lilianne E. Blaze <[EMAIL PROTECTED]> wrote:
Hello,
Be more specific please? What problems does it solve?
How is that specific to Tomcat, instead of just any servlet container?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
