You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Antony Paul <an...@hotmail.com> on 2003/12/08 08:58:10 UTC
[OT] Some questions on Java,Servlet, JSP and Tomcat.
Hi all ,
I have some questions for which I was unable to find answers by
Googling. So I am asking it here. It is quite long.
1, Is there any security threat for Tomcat 4.1 series. I am using Tomcat
4.1.27 for development. What is the history of Tomcat in this regard. Is
Tomcat vulnerable to any remote exploitation issues provided that the
application is well written. I want to collect some arguments to favour Java
and Tomcat.
2, Any documentation on how servlet container is creating multiple instances
of same HttpServlet without implementing Runnable interface. At least
provide some links to docs or books which teaches threading issues in
servlet. It is only for a curiousity. I am only an application developer. I
want to improve my knowledge in servlet technology.
3, How to test a servlet for threading issues.
3, Is there anything wrong in implementing logic in service method in a
class which extends HttpServlet. What will happen if a doHead and other
requests are send to it. How to simulate a doHead,doTrace etc.. request ?. I
got some info at http://www.jguru.com/faq/view.jsp?EID=8824
4, Is it possible to synchronise a block of code in a servlet. I mean only
one thread of the same servlet execute the same portion of code at a time
and completes execution. I dont want to implement SingleThreadModel and
there is only one name in web.xml pointing to same servlet class. I have an
idea. Is this right.
Create a synchronised block which synchronised on the class.
synchronized(AlertServlet.class){
-------
}
My purpose is to synchronize database access. The application dont have
a heavy load.
5, Is it secure to transfer a request and response to another object which
is created in the service method of a servlet ?. I believe it is a safe
approach. I think Struts is doing this.
6, I have seen that Tomcat not shutting down the threads which are active
when shut down command is issued. I used to kill Tomcat in such conditions.
Does Tomcat will ever kill this threads if they are not completed execution.
What criteria is used in such cases.
7, In Tomcat 4.0.x series there is one file catalina.out which prints the
number of active Httpprocessor active(I think it is number of threads) ut it
is not found in 4.1 series. Is there any way to get this log file in 4.1. I
also want to writing to this log mailed to me when the no. of HttpProcessors
exceeds a limit without tweaking Tomcat code.
rgds
Antony Paul.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: [OT] Some questions on Java,Servlet, JSP and Tomcat.
Posted by Tim Funk <fu...@joedog.org>.
[inline]
Antony Paul wrote:
> 1, Is there any security threat for Tomcat 4.1 series. I am using Tomcat
> 4.1.27 for development. What is the history of Tomcat in this regard. Is
> Tomcat vulnerable to any remote exploitation issues provided that the
> application is well written. I want to collect some arguments to favour Java
> and Tomcat.
None that anyone is aware of.
> 2, Any documentation on how servlet container is creating multiple instances
> of same HttpServlet without implementing Runnable interface. At least
> provide some links to docs or books which teaches threading issues in
> servlet. It is only for a curiousity. I am only an application developer. I
> want to improve my knowledge in servlet technology.
See the Servlet spec. I can't recommend any books.
> 3, How to test a servlet for threading issues.
> 3, Is there anything wrong in implementing logic in service method in a
> class which extends HttpServlet. What will happen if a doHead and other
> requests are send to it. How to simulate a doHead,doTrace etc.. request ?. I
> got some info at http://www.jguru.com/faq/view.jsp?EID=8824
You are supposed to extend HttpServlet, then implement doHead(...),
doGet(...) or appropriate. If a method is not implemented, an NOT IMPLEMENTED
should get returned.
> 4, Is it possible to synchronise a block of code in a servlet. I mean only
> one thread of the same servlet execute the same portion of code at a time
> and completes execution. I dont want to implement SingleThreadModel and
> there is only one name in web.xml pointing to same servlet class. I have an
> idea. Is this right.
> Create a synchronised block which synchronised on the class.
> synchronized(AlertServlet.class){
> -------
> }
> My purpose is to synchronize database access. The application dont have
> a heavy load.
Yes - but this may cause bad side effects. For concurrent programming, many
like Doug Lea's books.
> 5, Is it secure to transfer a request and response to another object which
> is created in the service method of a servlet ?. I believe it is a safe
> approach. I think Struts is doing this.
Secure - sure. Wise - depends. (On too many variables based on the writeup)
If using some MVC models, like struts, turbine, - then all is OK.
> 6, I have seen that Tomcat not shutting down the threads which are active
> when shut down command is issued. I used to kill Tomcat in such conditions.
> Does Tomcat will ever kill this threads if they are not completed execution.
> What criteria is used in such cases.
Tomcat is a JVM process. Like any JVM, it only terminates when only daemon
threads are running.
> 7, In Tomcat 4.0.x series there is one file catalina.out which prints the
> number of active Httpprocessor active(I think it is number of threads) ut it
> is not found in 4.1 series. Is there any way to get this log file in 4.1. I
> also want to writing to this log mailed to me when the no. of HttpProcessors
> exceeds a limit without tweaking Tomcat code.
This may be in the catalina_XXX files. Not sure about this one.
-Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org