2012/8/29 Dale Ogilvie <dale_ogil...@trimble.com>: > -----Original Message----- > From: Mark Thomas [mailto:ma...@apache.org] > >>Not quite. My point was the loading of the EL implementation is likely to be >>triggered by user code. If the webapp class loader is the TCCL loader than >>classes from the web app will be loaded before those from the >container. If >>the web app contains container classes then it is possible that they get >>loaded from the webapp rather than from Tomcat. >>(Enabling the security manager enables additional class loading checks that >>would stop this). Those classes from the webapp then have references held to >>them. They will work right up unto the point Tomcat tries to >access the >>class outside of the webapp they were loaded from. >> >>Mark > > I'm still not quite sure what you are saying matches exactly what I'm seeing > Mark.
Have you ever tried to run with SecurityManager being enabled? > So, it appears to me that the class *loading* is occurring "from" app1 in > step 4. I'm only pushing this because it kind looks "buggy" to me. Class loading does not always use TCCL. Sometimes it uses "otherclass.getClassLoader()". See e.g. javadoc of java.lang.Class#forName(String). So it is quite valid for it to load a class from app1 even if current TCCL belongs to app2. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org