Re: TOMCAT ISSUE: System.Exit
"Johnny Kewl" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Ok... beginning to think I'm the only one reading here... yes it is a > kludge, and I doubt very much whether changing anything in catalina.policy > will do anything in this case... because the security manager is probably > incorporated in the web-app class loader... and yes this and the > documentation makes sense when protecting Tomcat from a rouge web-app > but thats not what I'm trying to do... I'm trying to protect an embedded > application FROM TOMCAT itself. > The code I have shown you is TOMCATS CODE... not the embedded application > code which is using tomcat as a library... or a Web-App's code. > > Ok... think we got crossed lines somewhere... but just to recap... Tomcats > System.Exit code kills the client calling tomcat... its rude ;) > I suppose I could write a class loader in the client... tell it to stop > System.Exits in a custom security manager... and then load up tomcat using > that classloader... little bit too much work dont you think? > All I think is happening is that those System.Exits make a lot of sense > from a server perspective... but not from an embedded perspective... its > not a disaster, it doenst make tomcat bad (its great), its just something > to think about > What this does is to make certain that Tomcat dies in the event that the shutdown Socket connection dies (rarely happens). A properly designed Embedded TC shouldn't have to go through this code: It should have it's own mechanism for signaling shutting down, and call the 'stop' method on the Catalina/Embedded/Server instance (via JMX or otherwise). Since the 'stopServer' method is intended for a stand-alone TC, I'm going to guess that you won't get much developer interest in removing the System.exit calls. > > ----- Original Message - > From: "Pid" <[EMAIL PROTECTED]> > To: "Tomcat Users List" > Sent: Thursday, May 24, 2007 8:04 PM > Subject: Re: TOMCAT ISSUE: System.Exit > > >> Johnny Kewl wrote: >>> Ha ha... I think this is a kludge, >> >> Using a SecurityManager is a kludge? >> >> but ok, I have "read"... so help >>> me... I want to stop Tomcat calling System.Exit(1)... what do I need to >>> do to the catalina.policy file to do this? >>> I imagine that instead of the embedded app shutting down the user will >>> now get a security exception, which to me is wrong... but hey, I'll try >>> it. >> >> The 'System.exit()' example is the usual one, as you will remember from >> when you read the documentation: >> >> http://tomcat.apache.org/tomcat-5.0-doc/security-manager-howto.html >> >> p >> >> >>> - Original Message - From: "Peter Crowther" >>> <[EMAIL PROTECTED]> >>> To: "Tomcat Users List" >>> Sent: Thursday, May 24, 2007 6:21 PM >>> Subject: RE: TOMCAT ISSUE: System.Exit >>> >>> >>>> From: Johnny Kewl [mailto:[EMAIL PROTECTED] >>>> Imagine I make a library for you... and your user application >>>> does something >>>> wrong... and then my library calls System.Exit and shuts down >>>> the JVM... how >>>> you going to fix that with a security manager?? >>> >>> The security manager can prevent the call from succeeding. Read, don't >>> just assume it can't work. >>> http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#exit(int) >>> will give you hint on the fact that exit can be prevented by a security >>> manager, for example. >>> >>> - Peter >>> >>> - >>> To start a new topic, e-mail: users@tomcat.apache.org >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >>> - >>> To start a new topic, e-mail: users@tomcat.apache.org >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TOMCAT ISSUE: System.Exit
> From: Fargusson.Alan [mailto:[EMAIL PROTECTED] > Subject: RE: TOMCAT ISSUE: System.Exit > > Is System.exit implemented in Tomcat? I thought System.exit > is implemented in the JVM. It's part of the JRE. Tomcat merely makes use of it in a few places. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TOMCAT ISSUE: System.Exit
Is System.exit implemented in Tomcat? I thought System.exit is implemented in the JVM. -Original Message- From: Johnny Kewl [mailto:[EMAIL PROTECTED] Sent: Thursday, May 24, 2007 11:47 AM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: TOMCAT ISSUE: System.Exit Ok... beginning to think I'm the only one reading here... yes it is a kludge, and I doubt very much whether changing anything in catalina.policy will do anything in this case... because the security manager is probably incorporated in the web-app class loader... and yes this and the documentation makes sense when protecting Tomcat from a rouge web-app but thats not what I'm trying to do... I'm trying to protect an embedded application FROM TOMCAT itself. The code I have shown you is TOMCATS CODE... not the embedded application code which is using tomcat as a library... or a Web-App's code. Ok... think we got crossed lines somewhere... but just to recap... Tomcats System.Exit code kills the client calling tomcat... its rude ;) I suppose I could write a class loader in the client... tell it to stop System.Exits in a custom security manager... and then load up tomcat using that classloader... little bit too much work dont you think? All I think is happening is that those System.Exits make a lot of sense from a server perspective... but not from an embedded perspective... its not a disaster, it doenst make tomcat bad (its great), its just something to think about - Original Message - From: "Pid" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, May 24, 2007 8:04 PM Subject: Re: TOMCAT ISSUE: System.Exit > Johnny Kewl wrote: >> Ha ha... I think this is a kludge, > > Using a SecurityManager is a kludge? > > but ok, I have "read"... so help >> me... I want to stop Tomcat calling System.Exit(1)... what do I need to >> do to the catalina.policy file to do this? >> I imagine that instead of the embedded app shutting down the user will >> now get a security exception, which to me is wrong... but hey, I'll try >> it. > > The 'System.exit()' example is the usual one, as you will remember from > when you read the documentation: > > http://tomcat.apache.org/tomcat-5.0-doc/security-manager-howto.html > > p > > >> ----- Original Message - From: "Peter Crowther" >> <[EMAIL PROTECTED]> >> To: "Tomcat Users List" >> Sent: Thursday, May 24, 2007 6:21 PM >> Subject: RE: TOMCAT ISSUE: System.Exit >> >> >>> From: Johnny Kewl [mailto:[EMAIL PROTECTED] >>> Imagine I make a library for you... and your user application >>> does something >>> wrong... and then my library calls System.Exit and shuts down >>> the JVM... how >>> you going to fix that with a security manager?? >> >> The security manager can prevent the call from succeeding. Read, don't >> just assume it can't work. >> http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#exit(int) >> will give you hint on the fact that exit can be prevented by a security >> manager, for example. >> >> - Peter >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TOMCAT ISSUE: System.Exit
> From: Johnny Kewl [mailto:[EMAIL PROTECTED] > Subject: Re: TOMCAT ISSUE: System.Exit > > yes it is a kludge, and I doubt very much whether changing > anything in catalina.policy will do anything in this case... It's certainly not a kludge; one of the primary functions of a security manager is to prevent 3rd party classes used by your app from doing anything your app doesn't want it to do. Sounds like you need to do some reading about the Java security manager capability, and stop assuming things that simply aren't true. You are correct in thinking that changing catalina.policy won't have an effect, since that isn't used when Tomcat runs as embedded. You need to specify a security manager and your own policy file when the JVM starts. > because the security manager is probably > incorporated in the web-app class loader... It's not; a security manager is part of the core JVM, not associated with any particular class loader. That's why there can be only one security manager per JVM instance. > I'm trying to protect an embedded application FROM TOMCAT itself. No, you're trying to protect an application from an embedded Tomcat, which is exactly what security managers are intended for. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TOMCAT ISSUE: System.Exit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnny, Johnny Kewl wrote: > Ok... beginning to think I'm the only one reading here... yes it is a > kludge, and I doubt very much whether changing anything in > catalina.policy will do anything in this case... I'm not expert (never used SecurityManager, actually), but I think they're suggesting that you use a SecurityManager to restrict Tomcat /from/ your own application. You don't want Tomcat to run it's own SecurityManager... you want to use one that you configure outside of Tomcat. Tomcat should run inside /your/ SecurityManager, rather than running in its own. I think you're thinking about using Tomcat to configure a SecurityManager to restrict webapps... they are talking about restricting all of Tomcat. > Tomcats System.Exit code kills the client calling tomcat... its rude ;) One could argue that Tomcat shouldn't need System.exit... there are other ways to end programs. I would imagine that all threads Tomcat creates are daemon threads so simply ending the Main thread would do ths trick. I'm not Tomcat developer, though. > I suppose I could write a class loader in the client... tell it to stop > System.Exits in a custom security manager... That's exactly what they are suggesting. You don't have to write your own ClassLoader, though. Use an existing one with a SecurityManager attached (configured outside of Tomcat). This should protect your app from Tomcat's "rudeness". > and then load up tomcat > using that classloader... little bit too much work dont you think? No... it's probably the right way to do it, unless you want to run a hacked-up version of Tomcat, or you want to suggest a real, workable solution to the problem. What you have suggested looks like it will prevent Tomcat from shutting down under normal operating conditions (i.e. standalone, like most people do it). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGVeoX9CaO5/Lv0PARAluYAJ9vjhrutyPHF7cQUNZ2TCBqWYG9FACgpyLo pfX3fghDQLsmFuLtpUD4vu0= =s8AN -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TOMCAT ISSUE: System.Exit
Ok... beginning to think I'm the only one reading here... yes it is a kludge, and I doubt very much whether changing anything in catalina.policy will do anything in this case... because the security manager is probably incorporated in the web-app class loader... and yes this and the documentation makes sense when protecting Tomcat from a rouge web-app but thats not what I'm trying to do... I'm trying to protect an embedded application FROM TOMCAT itself. The code I have shown you is TOMCATS CODE... not the embedded application code which is using tomcat as a library... or a Web-App's code. Ok... think we got crossed lines somewhere... but just to recap... Tomcats System.Exit code kills the client calling tomcat... its rude ;) I suppose I could write a class loader in the client... tell it to stop System.Exits in a custom security manager... and then load up tomcat using that classloader... little bit too much work dont you think? All I think is happening is that those System.Exits make a lot of sense from a server perspective... but not from an embedded perspective... its not a disaster, it doenst make tomcat bad (its great), its just something to think about - Original Message - From: "Pid" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, May 24, 2007 8:04 PM Subject: Re: TOMCAT ISSUE: System.Exit Johnny Kewl wrote: Ha ha... I think this is a kludge, Using a SecurityManager is a kludge? but ok, I have "read"... so help me... I want to stop Tomcat calling System.Exit(1)... what do I need to do to the catalina.policy file to do this? I imagine that instead of the embedded app shutting down the user will now get a security exception, which to me is wrong... but hey, I'll try it. The 'System.exit()' example is the usual one, as you will remember from when you read the documentation: http://tomcat.apache.org/tomcat-5.0-doc/security-manager-howto.html p - Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, May 24, 2007 6:21 PM Subject: RE: TOMCAT ISSUE: System.Exit From: Johnny Kewl [mailto:[EMAIL PROTECTED] Imagine I make a library for you... and your user application does something wrong... and then my library calls System.Exit and shuts down the JVM... how you going to fix that with a security manager?? The security manager can prevent the call from succeeding. Read, don't just assume it can't work. http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#exit(int) will give you hint on the fact that exit can be prevented by a security manager, for example. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TOMCAT ISSUE: System.Exit
Johnny Kewl wrote: Ha ha... I think this is a kludge, Using a SecurityManager is a kludge? but ok, I have "read"... so help me... I want to stop Tomcat calling System.Exit(1)... what do I need to do to the catalina.policy file to do this? I imagine that instead of the embedded app shutting down the user will now get a security exception, which to me is wrong... but hey, I'll try it. The 'System.exit()' example is the usual one, as you will remember from when you read the documentation: http://tomcat.apache.org/tomcat-5.0-doc/security-manager-howto.html p - Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, May 24, 2007 6:21 PM Subject: RE: TOMCAT ISSUE: System.Exit From: Johnny Kewl [mailto:[EMAIL PROTECTED] Imagine I make a library for you... and your user application does something wrong... and then my library calls System.Exit and shuts down the JVM... how you going to fix that with a security manager?? The security manager can prevent the call from succeeding. Read, don't just assume it can't work. http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#exit(int) will give you hint on the fact that exit can be prevented by a security manager, for example. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: TOMCAT ISSUE: System.Exit
Ha ha... I think this is a kludge, but ok, I have "read"... so help me... I want to stop Tomcat calling System.Exit(1)... what do I need to do to the catalina.policy file to do this? I imagine that instead of the embedded app shutting down the user will now get a security exception, which to me is wrong... but hey, I'll try it. - Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, May 24, 2007 6:21 PM Subject: RE: TOMCAT ISSUE: System.Exit From: Johnny Kewl [mailto:[EMAIL PROTECTED] Imagine I make a library for you... and your user application does something wrong... and then my library calls System.Exit and shuts down the JVM... how you going to fix that with a security manager?? The security manager can prevent the call from succeeding. Read, don't just assume it can't work. http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#exit(int) will give you hint on the fact that exit can be prevented by a security manager, for example. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TOMCAT ISSUE: System.Exit
> From: Johnny Kewl [mailto:[EMAIL PROTECTED] > Imagine I make a library for you... and your user application > does something > wrong... and then my library calls System.Exit and shuts down > the JVM... how > you going to fix that with a security manager?? The security manager can prevent the call from succeeding. Read, don't just assume it can't work. http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#exit(int) will give you hint on the fact that exit can be prevented by a security manager, for example. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TOMCAT ISSUE: System.Exit
Sorry dont understand, please explain a little more. I cant see what the security manager has to do with it. Imagine I make a library for you... and your user application does something wrong... and then my library calls System.Exit and shuts down the JVM... how you going to fix that with a security manager?? - Original Message - From: "Pid" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Thursday, May 24, 2007 2:54 PM Subject: Re: TOMCAT ISSUE: System.Exit Look up 'SecurityManager'. p Johnny Kewl wrote: I'm busy having a good look at Tomcats code, When I find something, I will report it like this, the powers that be, can list it as a bug, an issue, a nice to have, whatever. There is no need to report back, I'm not waiting for the changes, I'm making a modified Tomcat prototype called WildCat, so anyone interested can play with that. TOMCAT ISSUE: System.exit(1), In Catalina -> public void stopServer(String[] arguments) } catch (IOException e) { log.error("Catalina.stop: ", e); //System.exit(1); //MODIFIED } And in StandardServer -> public void await() } catch (IOException e) { log.error("StandardServer.await: create[" + port + "]: ", e); //System.exit(1); //MODIFIED } In an embedded application, these System.exit(1) kill the entire application. So for example if a user through an embedded application Starts or Stops tomcat twice, they don't see a trapped or redirected error in the application, because the application shuts down. The log.error will appear in the Dos/Terminal err/out stream, but in a Java application, the user will not be looking at that, the application just disappears. Johnny Kewl eMail: Johnkewlstuff.co.za -- replace with @ -- Cell: +027-72- 473-9331 Java Developer (Tomcat Aficionado) Free Tomcat software at http://coolese.100free.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TOMCAT ISSUE: System.Exit
> From: Johnny Kewl [mailto:[EMAIL PROTECTED] > Subject: TOMCAT ISSUE: System.Exit > > TOMCAT ISSUE: System.exit(1)... > In an embedded application, these System.exit(1) kill the > entire application. Wouldn't you normally control that by proper settings in your java.policy file for the application (conf/catalina.policy if not running embedded)? Don't think any code changes are needed here. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TOMCAT ISSUE: System.Exit
Look up 'SecurityManager'. p Johnny Kewl wrote: I'm busy having a good look at Tomcats code, When I find something, I will report it like this, the powers that be, can list it as a bug, an issue, a nice to have, whatever. There is no need to report back, I'm not waiting for the changes, I'm making a modified Tomcat prototype called WildCat, so anyone interested can play with that. TOMCAT ISSUE: System.exit(1), In Catalina -> public void stopServer(String[] arguments) } catch (IOException e) { log.error("Catalina.stop: ", e); //System.exit(1); //MODIFIED } And in StandardServer -> public void await() } catch (IOException e) { log.error("StandardServer.await: create[" + port + "]: ", e); //System.exit(1); //MODIFIED } In an embedded application, these System.exit(1) kill the entire application. So for example if a user through an embedded application Starts or Stops tomcat twice, they don't see a trapped or redirected error in the application, because the application shuts down. The log.error will appear in the Dos/Terminal err/out stream, but in a Java application, the user will not be looking at that, the application just disappears. Johnny Kewl eMail: Johnkewlstuff.co.za -- replace with @ -- Cell: +027-72- 473-9331 Java Developer (Tomcat Aficionado) Free Tomcat software at http://coolese.100free.com/ smime.p7s Description: S/MIME Cryptographic Signature