2010/5/25 <ma...@apache.org>: > Author: markt > Date: Tue May 25 13:56:18 2010 > New Revision: 948044 > > URL: http://svn.apache.org/viewvc?rev=948044&view=rev > Log: > Proposals > > Modified: > tomcat/tc6.0.x/trunk/STATUS.txt > > +* Fix issues running AJP BIO coyote connector under a security manager > + http://svn.apache.org/viewvc?rev=947717&view=rev > + +1: markt > + -1:
If I search for the calls of FastHttpDateFormat.getCurrentDate() method I see that in trunk a) Http11AprProcessor() and Http11NioProcessor() constructors call FastHttpDateFormat.getCurrentDate() to preload the class b) Http11Processor uses PrivilegedAction http://svn.apache.org/viewvc?view=revision&revision=299009 c) The proposed patch implements the third way to solve this issue: - preload the class inside SecurityClassLoad and - call a constructor, to trigger initialization of static fields. The same could be achieved with calling any static method of the class, as said in ch.2.17.4 of JVM spec, http://java.sun.com/docs/books/jvms/second_edition/html/Concepts.doc.html#19075 though I am fine with this implementation, as calling the constructor looks faster and independent of the API. I think that only one of those three approaches should be used, and that will be c), as it covers not only HTTP, but AJP connectors as well. By the way, http://svn.apache.org/viewvc?rev=947717&view=rev contains changes to SecurityClassLoad.loadUtilPackage(). Those should not/cannot be backported as they are, because that method differs in tc6.0.x. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
