How to limit placing of jar-files in the user webapps?

[Corobitsyn Roman <kr...@dtnm.ru>]

How to limit placing of jar-files in the user webapps?
In other words, it is necessary to forbid, to the user to place jar-files in directory WEB-INF/lib
You will recommend what suitable ways?

Thanx for any help

BR,
   Corobitsyn Roman




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit placing of jar-files in the user webapps?

[Mladen Adamovic <ad...@blic.net>]

Antonio Petrelli wrote:
> If they all use the same version of Struts, there is no problem 
> (though I am not sure about it :-) ). But think about the chance to 
> have different versions of Struts in different webapps: it will lead 
> to a complete classloader mess!
Now I know why is Tomcat hosting more expensive than Apache ;).
The price for Tomcat hosting was such that it was least expensive to me 
to pay for VPS.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit placing of jar-files in the user webapps?

[Antonio Petrelli <br...@tariffenet.it>]

Corobitsyn Roman ha scritto:
> But I am not sure about that, shared struts will not work.
> I have two hosts with three webapps, and everyone use struts.
>   

If they all use the same version of Struts, there is no problem (though 
I am not sure about it :-) ). But think about the chance to have 
different versions of Struts in different webapps: it will lead to a 
complete classloader mess!
Ciao
Antonio

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit placing of jar-files in the user webapps?

[Corobitsyn Roman <kr...@dtnm.ru>]

I too as think
But I am not sure about that, shared struts will not work.
I have two hosts with three webapps, and everyone use struts.
Certainly it OT, but I ask to explain to me why will not work, briefly

Thank you

DD> Ok, i see your problem.

DD> However, you must be aware that preventing use of WEB-INF/lib is 
DD> handicapping for anyone needing java hosting. Frameworks like struts
DD> won't work if they are shared amongst webapplications. You might simply
DD> endup with your users exploding the .jars and putting their content in
DD> classes/, this way you will not decrease the load at all.
DD> On the other hand, even with only .jsps it is possibile to easily 
DD> exhaust tomcat memory very quickly by mis use of ThreadLocal

DD> And, as far as i know, there is no way to remove use of WEB-INF/lib
DD> unless you hack the tomcat webapp classloader code

DD> Corobitsyn Roman wrote:
>> Hello David.
>> Thank you for reply
>> I am sorry, that I have insufficiently clearly formulated a question
>> We admit, I am a hoster, and at me am hosting buyers.
>> In <TOMCAT_HOME>shared/lib and <TOMCAT_HOME>common/lib I have
>> 3rd libraries of the certain versions.
>> That there were no every possible mistakes, and resources Tomcat were not exhausted,
>> it is necessary to limit use of catalogue WEB-INF/lib. And for the user compiled classes
>> to use catalogue <CUSTOM_WEBAPP>/WEB-INF/classes. And there is
>> a question as it can be made the best way
>>
>> Thanx
>>
>>
>> DD> Ok, i suppose by user, you mean the webmaster owning a specific webapp.
>> DD> If so, could you tell me what is the point? It's pretty impossible to do
>> DD> anything without .jar files in a java webapp :)
>> DD> If what you want to avoid is people browsing a uploading .jar files....
>> DD> Unless you have a very badly written webapp it's already impossible :)
>> DD> Corobitsyn Roman wrote:
>>   
>>>> How to limit placing of jar-files in the user webapps?
>>>> In other words, it is necessary to forbid, to the user to place
>>>> jar-files in directory WEB-INF/lib
>>>> You will recommend what suitable ways?
>>>>
>>>> Thanx for any help
>>>>
>>>> BR,
>>>>    Corobitsyn Roman
>>>>
>>>>
>>>>




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit placing of jar-files in the user webapps?

[David Delbecq <de...@oma.be>]

Ok, i see your problem.

However, you must be aware that preventing use of WEB-INF/lib is 
handicapping for anyone needing java hosting. Frameworks like struts 
won't work if they are shared amongst webapplications. You might simply 
endup with your users exploding the .jars and putting their content in 
classes/, this way you will not decrease the load at all.
On the other hand, even with only .jsps it is possibile to easily 
exhaust tomcat memory very quickly by mis use of ThreadLocal

And, as far as i know, there is no way to remove use of WEB-INF/lib 
unless you hack the tomcat webapp classloader code

Corobitsyn Roman wrote:
> Hello David.
> Thank you for reply
> I am sorry, that I have insufficiently clearly formulated a question
> We admit, I am a hoster, and at me am hosting buyers.
> In <TOMCAT_HOME>shared/lib and <TOMCAT_HOME>common/lib I have 3rd libraries of the certain versions.
> That there were no every possible mistakes, and resources Tomcat were not exhausted,
> it is necessary to limit use of catalogue WEB-INF/lib. And for the user compiled classes
> to use catalogue <CUSTOM_WEBAPP>/WEB-INF/classes. And there is a question as it can be made the best way
>
> Thanx
>
>
> DD> Ok, i suppose by user, you mean the webmaster owning a specific webapp.
> DD> If so, could you tell me what is the point? It's pretty impossible to do
> DD> anything without .jar files in a java webapp :)
> DD> If what you want to avoid is people browsing a uploading .jar files....
> DD> Unless you have a very badly written webapp it's already impossible :)
> DD> Corobitsyn Roman wrote:
>   
>>> How to limit placing of jar-files in the user webapps?
>>> In other words, it is necessary to forbid, to the user to place
>>> jar-files in directory WEB-INF/lib
>>> You will recommend what suitable ways?
>>>
>>> Thanx for any help
>>>
>>> BR,
>>>    Corobitsyn Roman
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>   
>>>       
>
>
> DD> ---------------------------------------------------------------------
> DD> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> DD> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit placing of jar-files in the user webapps?

[Corobitsyn Roman <kr...@dtnm.ru>]

Hello David.
Thank you for reply
I am sorry, that I have insufficiently clearly formulated a question
We admit, I am a hoster, and at me am hosting buyers.
In <TOMCAT_HOME>shared/lib and <TOMCAT_HOME>common/lib I have 3rd libraries of the certain versions.
That there were no every possible mistakes, and resources Tomcat were not exhausted,
it is necessary to limit use of catalogue WEB-INF/lib. And for the user compiled classes
to use catalogue <CUSTOM_WEBAPP>/WEB-INF/classes. And there is a question as it can be made the best way

Thanx


DD> Ok, i suppose by user, you mean the webmaster owning a specific webapp.
DD> If so, could you tell me what is the point? It's pretty impossible to do
DD> anything without .jar files in a java webapp :)
DD> If what you want to avoid is people browsing a uploading .jar files....
DD> Unless you have a very badly written webapp it's already impossible :)
DD> Corobitsyn Roman wrote:
>> How to limit placing of jar-files in the user webapps?
>> In other words, it is necessary to forbid, to the user to place
>> jar-files in directory WEB-INF/lib
>> You will recommend what suitable ways?
>>
>> Thanx for any help
>>
>> BR,
>>    Corobitsyn Roman
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>   


DD> ---------------------------------------------------------------------
DD> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
DD> For additional commands, e-mail: users-help@tomcat.apache.org



-- 
Best regards,
 Corobitsyn                            mailto:kra@dtnm.ru



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit placing of jar-files in the user webapps?

[David Delbecq <de...@oma.be>]

Ok, i suppose by user, you mean the webmaster owning a specific webapp.
If so, could you tell me what is the point? It's pretty impossible to do 
anything without .jar files in a java webapp :)
If what you want to avoid is people browsing a uploading .jar files.... 
Unless you have a very badly written webapp it's already impossible :)
Corobitsyn Roman wrote:
> How to limit placing of jar-files in the user webapps?
> In other words, it is necessary to forbid, to the user to place jar-files in directory WEB-INF/lib
> You will recommend what suitable ways?
>
> Thanx for any help
>
> BR,
>    Corobitsyn Roman
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org