Re: Jasper34: sandboxing/Priviledged

[Glenn Nielsen <gl...@voyager.apg.more.net>]

That is commented out in the 3.2 jasper branch, and isn't in
the Tomcat 4.0 branch of jasper.  It looks like you can remove it.

Regards,

Glenn

cmanolache@yahoo.com wrote:
> 
> Glenn, I hope you're around...
> 
> Can you explain ( again ) the rationale for the doPriviledged() in
> PageContextImpl ?
> 
> >From what I see, the release() doesn't do anything special, and
> init() does only the System.getProperty - but there are other ways to do
> that without a full Priviledged.
> 
> 3.3 seems to work fine in sandbox mode without this ( well, it used to
> have similar code but we managed to get rid of it ).
> 
> My main concern is performance ( since doPriviledged tends to be expensive
> and init/release happen per request ) ( and of course the "why keep it if
> it's not needed" ).
> 
> The other concern is that in one use case for jasper34 it may create
> problems. We would like JspC-generated pages to work in any container -
> that means the runtime and generated code must be included in the WAR (
> since not all containers are using jasper - yet ). In that case the
> runtime will run without priviledges ( well, in general it's better to
> keep the permissions low ).
> 
> Costin

-- 
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------