Hey, I was reading through the Tomcat source code, trying to figure out how the Tomcat internals are protected against unauthorized access from servlets. One thing I noticed was the fact that the servlets gain access to the StandardContext through the ApplicationContextFacade, which seems to act as a proxy for the ApplicationContext, rather than allowing servlets to have direct access to the ApplicationContext.
I was wondering why the ApplicationContextFacade is passed to the servlet rather than the ApplicationContext. I suspect this has something to do with security (as the facade is hardly a simplification of the interface). I looked at the code and saw that it basically forwards requests (as expected), but conditioned on some security settings (such as Globals.IS_SECURITY_ENABLED and SecurityUtil.isPackageProtectionEnabled()) it seems to use Java reflection to pass the request. I know that the permissions change when using reflection, but I'm not entirely sure how this would enforce some security policy in the ApplicationContextFacade? It would be great if somebody could clarify this for me.

Thank you in advance for your help.

Tom Lauwers
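The arrangement the post describes, as an added sketch that is neither part of the original message nor Tomcat's code: `PublicContext`, `InternalContext`, `ContextFacade` and the `securityEnabled` flag are hypothetical stand-ins for `ServletContext`, `ApplicationContext`, `ApplicationContextFacade` and the security settings named above. It shows only the isolation a facade gives (the reference handed to the servlet cannot be downcast to the internal class) and a reflective forwarding branch; it does not reproduce any security-manager privilege handling.

```java
import java.lang.reflect.Method;

public class FacadeDemo {
    // Stand-in for the public API a servlet is allowed to see.
    interface PublicContext { String getServerInfo(); }

    // Stand-in for the container-internal implementation.
    static final class InternalContext implements PublicContext {
        public String getServerInfo() { return "demo-container/1.0"; }
        // Internal operation that application code must never reach (constructed value).
        String internalConfigPath() { return "/constructed/internal/path"; }
    }

    // Stand-in for the facade: implements only the public interface.
    static final class ContextFacade implements PublicContext {
        private final InternalContext context;  // wrapped object, never handed out
        private final boolean securityEnabled;  // hypothetical flag
        ContextFacade(InternalContext context, boolean securityEnabled) {
            this.context = context;
            this.securityEnabled = securityEnabled;
        }
        public String getServerInfo() {
            if (!securityEnabled) return context.getServerInfo();  // direct forward
            return (String) invoke("getServerInfo");               // reflective forward
        }
        private Object invoke(String name) {
            try {
                Method m = PublicContext.class.getMethod(name);
                return m.invoke(context);
            } catch (ReflectiveOperationException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    // What application code can attempt with the reference it receives.
    static String servletView(PublicContext ctx) {
        String info = ctx.getServerInfo();
        try {
            InternalContext raw = (InternalContext) ctx;  // attempt to reach internals
            return info + " | reached internals: " + raw.internalConfigPath();
        } catch (ClassCastException e) {
            return info + " | downcast to InternalContext blocked";
        }
    }

    public static void main(String[] args) {
        InternalContext internal = new InternalContext();
        System.out.println(servletView(internal));                          // no facade
        System.out.println(servletView(new ContextFacade(internal, true))); // with facade
    }
}
```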