Hi,
BZ 66294 [1] highlights the performance impact in Tomcat of some
additional SecurityManager checks that were added to avoid
AccessControlException when using the EL API JAR outside of Tomcat.
Details of the performance impact are in the bug report.
I think we have a few options here.
1. Assume Tomcat 11 will remove the SecurityManager. No nothing for now
and advise the reporter to move to Tomcat 11 when available.
2. Do nothing.
3. Disable this check by default and an option (it will have to be a
system property) to enable it.
4. Something else.
Thoughts?
I am currently leaning towards 3 given that the performance impact is
noticeable and that the check isn't required in normal usage.
Mark
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=66294
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
