> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: Restrict the use of JDK classes Tomcat 7 or 6
> When you say "Java classes", are you talking about re-defining > something like java.lang.String? If so, then the servlet spec (3.0: > 10.7.2) prohibits web applications from loading classes from any of > these packages from a web application class loader. > java.* > javax.* > Looking at current trunk, Tomcat appears to take a lazy view and just > look for these two classes: > javax.servlet.Servlet > javax.el.Expression > So it looks like you might be able to redefine java.lang.String if you > want. As I recall, the JVM itself prevents loading of java.* classes from anywhere other than the registered JRE jar locations. Not sure about javax.* classes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org