You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Nathan Schrenk <ns...@neog.com> on 1996/01/18 06:56:43 UTC
Re: more web server perfomance stats
On Wed, 17 Jan 1996, Dirk.vanGulik wrote:
[cgi-pipe info removed]
> The trouble is I am not sure how to build such constand
> backend pipes to apache in a neat way. I know what I want
> but it has some thinking to go.
>
> But I am sure other people have been doing the same thing.
We've developed some software here that sounds conceptually similar, but
we're using Java where you're using perl. We have a server daemon written
in Java that sits on the webserver and accepts connections. This Java
server gets input (what class to load, encoded CGI input, a blob of
environment-type data) from an Apache module that connects to it, and then
uses a hacked up class loader to load the appropriate class. The server
then starts up a new thread with this class, and hands it the input, and
shuttles whatever output it generates back to Apache. This is basically
just a replacement for CGI. We are very interested in performance, and
wanted to use Java, but the two don't easily mesh.
If you have to run a Java interpreter/virtual machine each time you run a
Java program, you're wasting a lot of resources and it doesn't make sense
in a CGI-ish application where you are frequently running a lot of little
programs which start up, do a little work, and then die. We think we can
eliminate most of the overhead by using this Java server daemon that runs
all the classes with a single Java interpreter which is running all the
time.
This is all well and good, but we haven't sat down and figured out how to
integrate this into Apache's security model. Right now our class loader
just searches its CLASSPATH, loads classes, and runs them and theres no
real security built into the Java class server. Since the classes don't
refer to any real file system object in our current module (the module
looks at the URI to determine when a Java class is being requested)
the existing security mechanisms that are based on the filesystem won't
apply.
One way to work this out is to have dummy text files under the document
tree that have some identifying extension (in our case, maybe .ssj for
'server side Java' or something similar) which the module would
understand and which might even contain some info about how the class was
to be executed.
Any thoughts?
Nathan
> Dw.
--
Nathan Schrenk nschrenk@neog.com
Neoglyphics Media Corp. http://www.neog.com/