Application Isolation in App Servers was Re: Module isolation
abrock at REDHAT.COM
Wed Jun 20 07:19:26 PDT 2007
On Tue, 2007-06-19 at 12:17 -0700, Bryan Atsatt wrote:
> But you are right, of course, that there exist more complex scenarios
> that require an intermediate form of sharing. Your named domains seems
> to satisfy that requirement. Can you restrict access to domains?
Not really. We assume that if you have "createClassLoader" permission
then you can modify the classloading structure however you like.
> And, as you know, even *within* an application, web-modules need to be
> isolated. So the private repository approach breaks down a bit here, or
> must be taken to the extreme of a single module repository instance.
> This is where an access control model might be a better solution.
The big issue with web-apps is their "load locally first".
This gets people into all sorts of trouble when they start
adding random things to WEB-INF/lib that is also visible
elsewhere in the application.
e.g. You add commons logging to an ear and then put
it in WEB-INF/lib of a war also in the ear
Ideally you'd want them to share the same classes,
but sometimes it is done this way so each webapp can
have its own singletons.
JBoss, a division of Red Hat
More information about the jsr277-eg-observer