You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Glenn Nielsen <gl...@voyager.apg.more.net> on 2001/02/02 05:58:11 UTC

Tomcat 4 SecurityManager and Jasper ClassLoader changes

I have completed the changes necessary to implement the Java SecurityManager
in Tomcat 4.  I have also completed switching Jasper over to using the
URLClassLoader.

With these changes in place all watchdog tests pass and JspC works
as well as it did before I changed Jasper.

I'll commit all the changes tomorrow after I do a final update from
CVS and finish the docs.

This has been fun.  At one point I had to find a work around to prevent
HotSpot from core dumping with an internal error!

Regards,

Glenn
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

Re: Tomcat 4 SecurityManager and Jasper ClassLoader changes

Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.

In answer, here is a copy of the original message I posted.

Glenn

-------- Original Message --------
Subject: Tomcat 4 Jasper ClassLoading changes to support SecurityManager
Date: Thu, 25 Jan 2001 16:46:20 -0600
From: Glenn Nielsen <gl...@voyager.apg.more.net>
Reply-To: tomcat-dev@jakarta.apache.org
To: tomcat-dev@jakarta.apache.org

In order to make it easier to integrate the SecurityManager into Jasper
for Tomcat 4 and to change some of Japsers annoying behaviours, I have
been working on switching Jasper over to the URLClassLoader.

I have the class loading changes in place and Jasper passes all watchdog
tests.  I wanted to run these changes past everyone before I finish
cleaning up the changes and committing it.  (I still have some work to
do on JspC and still need to add support for the SecurityManager.)

Jasper now creates a URLClassLoader for each JSP page and defers any other
class loading to the web app context class loader.  Using a single class
loader per JSP allowed me to remove all the code that increments the
class version number, i.e. the work directory no longer has multiple
*.java and *.class files for the same JSP page.  These changes also made
it easy for me to put the java source and class files in the same directory
tree as found in the web app context.  When Jasper is run in a servlet
container it no longer puts the class files in a package, they are now
in the default package.

These changes simplified the code quite a bit and also gave a performance
improvement.

When running watchdog tests the new jasper was ~25% faster than the current
jasper on a first compile or on first jsp class access after restart.  
On recompile of a jsp page it was 37% faster.  Execution of JSP servlet
after it had already been compiled and loaded was slightly faster.

Regards,

Glenn

Mel Martinez wrote:
> 
> --- Glenn Nielsen <gl...@voyager.apg.more.net> wrote:
> > I have completed the changes necessary to implement
> > the Java SecurityManager
> > in Tomcat 4.  I have also completed switching Jasper
> > over to using the
> > URLClassLoader.
> 
> Glenn,
> 
> Could you describe (briefly) the nature of the change
> in terms of the API?  I.E. Did you just reimplement
> JasperLoader to extend URLClassLoader or did you
> create a new loader class entirely?
> 
> I am currently using the tc3.x jasper API by extending
> it (to add a variety of needed features) and am going
> to have to make the plunge to tc4.x eventually.  Up
> till now I am pretty sure I've avoided any dependency
> that would preclude using the tc4.x version.  Just
> staying on my toes here.
> 
> Thanks,
> 
> Mel
> 
> __________________________________________________
> Get personalized email addresses from Yahoo! Mail - only $35
> a year!  http://personal.mail.yahoo.com/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-dev-help@jakarta.apache.org

-- 
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

Re: Tomcat 4 SecurityManager and Jasper ClassLoader changes

Posted by Mel Martinez <me...@yahoo.com>.

--- Glenn Nielsen <gl...@voyager.apg.more.net> wrote:
> I have completed the changes necessary to implement
> the Java SecurityManager
> in Tomcat 4.  I have also completed switching Jasper
> over to using the
> URLClassLoader.

Glenn,

Could you describe (briefly) the nature of the change
in terms of the API?  I.E. Did you just reimplement
JasperLoader to extend URLClassLoader or did you
create a new loader class entirely?

I am currently using the tc3.x jasper API by extending
it (to add a variety of needed features) and am going
to have to make the plunge to tc4.x eventually.  Up
till now I am pretty sure I've avoided any dependency
that would preclude using the tc4.x version.  Just
staying on my toes here.

Thanks,

Mel

__________________________________________________
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/