You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Corobitsyn Roman <kr...@dtnm.ru> on 2006/05/22 13:57:03 UTC
How to limit placing of jar-files in the user webapps?
How to limit placing of jar-files in the user webapps?
In other words, it is necessary to forbid, to the user to place jar-files in directory WEB-INF/lib
You will recommend what suitable ways?
Thanx for any help
BR,
Corobitsyn Roman
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to limit placing of jar-files in the user webapps?
Posted by Mladen Adamovic <ad...@blic.net>.
Antonio Petrelli wrote:
> If they all use the same version of Struts, there is no problem
> (though I am not sure about it :-) ). But think about the chance to
> have different versions of Struts in different webapps: it will lead
> to a complete classloader mess!
Now I know why is Tomcat hosting more expensive than Apache ;).
The price for Tomcat hosting was such that it was least expensive to me
to pay for VPS.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to limit placing of jar-files in the user webapps?
Posted by Antonio Petrelli <br...@tariffenet.it>.
Corobitsyn Roman ha scritto:
> But I am not sure about that, shared struts will not work.
> I have two hosts with three webapps, and everyone use struts.
>
If they all use the same version of Struts, there is no problem (though
I am not sure about it :-) ). But think about the chance to have
different versions of Struts in different webapps: it will lead to a
complete classloader mess!
Ciao
Antonio
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to limit placing of jar-files in the user webapps?
Posted by Corobitsyn Roman <kr...@dtnm.ru>.
I too as think
But I am not sure about that, shared struts will not work.
I have two hosts with three webapps, and everyone use struts.
Certainly it OT, but I ask to explain to me why will not work, briefly
Thank you
DD> Ok, i see your problem.
DD> However, you must be aware that preventing use of WEB-INF/lib is
DD> handicapping for anyone needing java hosting. Frameworks like struts
DD> won't work if they are shared amongst webapplications. You might simply
DD> endup with your users exploding the .jars and putting their content in
DD> classes/, this way you will not decrease the load at all.
DD> On the other hand, even with only .jsps it is possibile to easily
DD> exhaust tomcat memory very quickly by mis use of ThreadLocal
DD> And, as far as i know, there is no way to remove use of WEB-INF/lib
DD> unless you hack the tomcat webapp classloader code
DD> Corobitsyn Roman wrote:
>> Hello David.
>> Thank you for reply
>> I am sorry, that I have insufficiently clearly formulated a question
>> We admit, I am a hoster, and at me am hosting buyers.
>> In <TOMCAT_HOME>shared/lib and <TOMCAT_HOME>common/lib I have
>> 3rd libraries of the certain versions.
>> That there were no every possible mistakes, and resources Tomcat were not exhausted,
>> it is necessary to limit use of catalogue WEB-INF/lib. And for the user compiled classes
>> to use catalogue <CUSTOM_WEBAPP>/WEB-INF/classes. And there is
>> a question as it can be made the best way
>>
>> Thanx
>>
>>
>> DD> Ok, i suppose by user, you mean the webmaster owning a specific webapp.
>> DD> If so, could you tell me what is the point? It's pretty impossible to do
>> DD> anything without .jar files in a java webapp :)
>> DD> If what you want to avoid is people browsing a uploading .jar files....
>> DD> Unless you have a very badly written webapp it's already impossible :)
>> DD> Corobitsyn Roman wrote:
>>
>>>> How to limit placing of jar-files in the user webapps?
>>>> In other words, it is necessary to forbid, to the user to place
>>>> jar-files in directory WEB-INF/lib
>>>> You will recommend what suitable ways?
>>>>
>>>> Thanx for any help
>>>>
>>>> BR,
>>>> Corobitsyn Roman
>>>>
>>>>
>>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to limit placing of jar-files in the user webapps?
Posted by David Delbecq <de...@oma.be>.
Ok, i see your problem.
However, you must be aware that preventing use of WEB-INF/lib is
handicapping for anyone needing java hosting. Frameworks like struts
won't work if they are shared amongst webapplications. You might simply
endup with your users exploding the .jars and putting their content in
classes/, this way you will not decrease the load at all.
On the other hand, even with only .jsps it is possibile to easily
exhaust tomcat memory very quickly by mis use of ThreadLocal
And, as far as i know, there is no way to remove use of WEB-INF/lib
unless you hack the tomcat webapp classloader code
Corobitsyn Roman wrote:
> Hello David.
> Thank you for reply
> I am sorry, that I have insufficiently clearly formulated a question
> We admit, I am a hoster, and at me am hosting buyers.
> In <TOMCAT_HOME>shared/lib and <TOMCAT_HOME>common/lib I have 3rd libraries of the certain versions.
> That there were no every possible mistakes, and resources Tomcat were not exhausted,
> it is necessary to limit use of catalogue WEB-INF/lib. And for the user compiled classes
> to use catalogue <CUSTOM_WEBAPP>/WEB-INF/classes. And there is a question as it can be made the best way
>
> Thanx
>
>
> DD> Ok, i suppose by user, you mean the webmaster owning a specific webapp.
> DD> If so, could you tell me what is the point? It's pretty impossible to do
> DD> anything without .jar files in a java webapp :)
> DD> If what you want to avoid is people browsing a uploading .jar files....
> DD> Unless you have a very badly written webapp it's already impossible :)
> DD> Corobitsyn Roman wrote:
>
>>> How to limit placing of jar-files in the user webapps?
>>> In other words, it is necessary to forbid, to the user to place
>>> jar-files in directory WEB-INF/lib
>>> You will recommend what suitable ways?
>>>
>>> Thanx for any help
>>>
>>> BR,
>>> Corobitsyn Roman
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>
>
> DD> ---------------------------------------------------------------------
> DD> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> DD> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to limit placing of jar-files in the user webapps?
Posted by Corobitsyn Roman <kr...@dtnm.ru>.
Hello David.
Thank you for reply
I am sorry, that I have insufficiently clearly formulated a question
We admit, I am a hoster, and at me am hosting buyers.
In <TOMCAT_HOME>shared/lib and <TOMCAT_HOME>common/lib I have 3rd libraries of the certain versions.
That there were no every possible mistakes, and resources Tomcat were not exhausted,
it is necessary to limit use of catalogue WEB-INF/lib. And for the user compiled classes
to use catalogue <CUSTOM_WEBAPP>/WEB-INF/classes. And there is a question as it can be made the best way
Thanx
DD> Ok, i suppose by user, you mean the webmaster owning a specific webapp.
DD> If so, could you tell me what is the point? It's pretty impossible to do
DD> anything without .jar files in a java webapp :)
DD> If what you want to avoid is people browsing a uploading .jar files....
DD> Unless you have a very badly written webapp it's already impossible :)
DD> Corobitsyn Roman wrote:
>> How to limit placing of jar-files in the user webapps?
>> In other words, it is necessary to forbid, to the user to place
>> jar-files in directory WEB-INF/lib
>> You will recommend what suitable ways?
>>
>> Thanx for any help
>>
>> BR,
>> Corobitsyn Roman
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
DD> ---------------------------------------------------------------------
DD> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
DD> For additional commands, e-mail: users-help@tomcat.apache.org
--
Best regards,
Corobitsyn mailto:kra@dtnm.ru
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to limit placing of jar-files in the user webapps?
Posted by David Delbecq <de...@oma.be>.
Ok, i suppose by user, you mean the webmaster owning a specific webapp.
If so, could you tell me what is the point? It's pretty impossible to do
anything without .jar files in a java webapp :)
If what you want to avoid is people browsing a uploading .jar files....
Unless you have a very badly written webapp it's already impossible :)
Corobitsyn Roman wrote:
> How to limit placing of jar-files in the user webapps?
> In other words, it is necessary to forbid, to the user to place jar-files in directory WEB-INF/lib
> You will recommend what suitable ways?
>
> Thanx for any help
>
> BR,
> Corobitsyn Roman
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org