class loader interdependencies

2004-06-25 Thread Larry Levin 
Hi all;
I am trying to share some jars across multiple web-apps, each of which 
runs in its own environment (i.e, JVM). To do this I make use of the 
CATALINA_BASE environment variable. My problem is in regards to class 
loading.

I have a number of jar files that are common to each webapp but I also 
have a couple that are unique to each app. According to the 
documentation for Tomcat 4.1: "from the perspective of a web 
application, class or resource loading  looks in the following 
repositories, in this order:"

1) /WEB-INF/classes of your web application
2) /WEB-INF/lib/*.jar of your web application
3) Bootstrap classes of your JVM
4) System class loader classes
5) $CATALINA_HOME/common/classes
6) $CATALINA_HOME/common/endorsed/*.jar
7) $CATALINA_HOME/common/lib/*.jar
8) $CATALINA_BASE/shared/classes
9) $CATALINA_BASE/shared/lib/*.jar
I have therefore tried two different approaches, both of which fail for 
the same reason.

 1st approach: I modified the standard startup script to add the shared 
jars to the CLASSPATH, thereby treating them as System class loader 
classes (i.e., category #4 in the above sequence).

 2nd approach: I placed the shared jars in $CATALINA_HOME/common/lib 
(i.e., category #7 in the above sequence).

In both cases everything works fine UNTIL one of these shared classes 
needs to access a class located in one of the /WEB-INF/lib/*.jar of a 
web application (i.e., category #2). At that point my code throws a 
ClassNotFoundException.

My impression is that something in the class loader procedures prevents 
"loading backwards" by which I mean:

   IF Class X was loaded by the nth loader in the sequence (e.g., #4, 
the system loader),
  AND Class X references a previously unloaded class,
  THEN Tomcat will ignore any loader lower in the sequence the 
Class X's loader
   (e.g., loaders 1-3 (the /WEB-INF and bootstrap loaders 
in this example))
   when attempting to resolve the reference.

Is this a correct assumption and does anyone have a suggestion for 
working around this "feature"?

Thanks
   Larry


--
Lawrence J Levin
Critical Architectures, LLC
Skillman NJ 08558
email: [EMAIL PROTECTED]
voice: (609) 333-9750
cell:  (908) 227-8485
fax:   (609) 333-9751
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

can CGI Servlet handle Perl taint checking?

2004-05-27 Thread Larry Levin 
Hi;
I am trying to get Bugzilla to work with Tomcat and have run into a 
problem. The latest stable release of Bugzilla (2.16) has implemented 
"taint checking" in all of the CGI perl scripts as a security feature. 
When I attempt to access Bugzilla via Tomcat, I get a message in the log 
file from the CGI servlet that its too late to turn on the "-T" option.

The problem as I understand it, is that the perl executable must be 
started up with taint checking enabled if the scripts are going to 
invoke it. Is there any way I can set an option in Tomcat to have the 
CGI servlet properly handle this aspect of perl? Does it matter whether 
I run Tomcat 4.1 or 5.0 ?

Thanks
Larry Levin

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]