Application Isolation in App Servers was Re: Module isolation

Adrian abrock at REDHAT.COM
Wed Jun 20 07:19:26 PDT 2007

On Tue, 2007-06-19 at 12:17 -0700, Bryan Atsatt wrote:
> But you are right, of course, that there exist more complex scenarios
> that require an intermediate form of sharing. Your named domains seem
> to satisfy that requirement. Can you restrict access to domains?

Not really. We assume that if you have "createClassLoader" permission
then you can modify the classloading structure however you like.

> And, as you know, even *within* an application, web-modules need to be
> isolated. So the private repository approach breaks down a bit here, or
> must be taken to the extreme of a single module repository instance.
> This is where an access control model might be a better solution.

The big issue with web-apps is their "load locally first".
This gets people into all sorts of trouble when they start
adding random things to WEB-INF/lib that are also visible
elsewhere in the application.

e.g. You add commons logging to an ear and then put
it in WEB-INF/lib of a war also in the ear.

Ideally you'd want them to share the same classes,
but sometimes it is done this way so each webapp can
have its own singletons.

Adrian Brock
Chief Scientist
JBoss, a division of Red Hat
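
The duplicate-library case described in the message (commons logging in the ear and again in a war's WEB-INF/lib) can be checked for before deployment. The following is an added example, not part of the original message or any JBoss code: it lists classes packaged both in an ear-level jar and in a war's WEB-INF/lib, assuming every jar packaged directly in the ear is visible to its wars. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def jar_classes(jar_bytes):
    """Return the set of .class entry names inside a jar given as bytes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {n for n in jar.namelist() if n.endswith(".class")}


def find_shadowed_classes(ear_bytes):
    """Map each war to {class entry: (ear jar, war jar)} for classes found in both."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        # Assumption: every .jar packaged directly in the ear is visible to its wars.
        jars = [n for n in ear.namelist() if n.endswith(".jar")]
        ear_level = {cls: j for j in jars for cls in jar_classes(ear.read(j))}
        for w in [n for n in ear.namelist() if n.endswith(".war")]:
            with zipfile.ZipFile(io.BytesIO(ear.read(w))) as war:
                hits = {}
                for entry in war.namelist():
                    if entry.startswith("WEB-INF/lib/") and entry.endswith(".jar"):
                        for cls in jar_classes(war.read(entry)) & ear_level.keys():
                            hits[cls] = (ear_level[cls], entry)
                if hits:
                    report[w] = hits
    return report


def make_zip(entries):
    """Build a zip archive in memory from {name: bytes} (for the constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def sample_ear():
    """Constructed sample: commons-logging in the ear and again in one war's WEB-INF/lib."""
    log_cls = "org/apache/commons/logging/LogFactory.class"
    logging_jar = make_zip({log_cls: b"stub"})
    war_a = make_zip({"WEB-INF/lib/commons-logging.jar": logging_jar})
    war_b = make_zip({"WEB-INF/lib/app.jar": make_zip({"com/example/App.class": b"stub"})})
    return make_zip({"lib/commons-logging.jar": logging_jar, "a.war": war_a, "b.war": war_b})
```

Each class reported for a war is one that the war's "load locally first" rule will define separately from the ear-level copy, so its static state is not shared with the rest of the application.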

More information about the jsr277-eg-observer mailing list