8

By default, Tomcat prevents webapps from loading several .jars which are part of the Tomcat distribution (eg the servlet and JSP APIs) - is it possible to configure others to also be excluded?

If it can't be done with configuration alone, does Tomcat provide any extension points for resource validation?

I want to use shared logging libraries, and need to make sure that an errant app doesn't clobber the configuration.

Example

This is what I'm referring to (from Tomcat startup log):

Oct 1, 2011 5:53:40 AM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(D:\tomcat\myapp\WEB-INF\lib\servlet-api.jar) - jar not loaded.
See Servlet Spec 2.3, section 9.7.2.
Offending class: javax/servlet/Servlet.class
Dmitri
  • 181
  • 1
  • 3
  • I do not think tomcat Exclude any thing as such just a matter of classloading sequence which jar comes first in classpath . You are may be after this .http://stackoverflow.com/questions/267953/managing-libraries-in-tomcat –  Oct 01 '11 at 09:49
  • @Shahzeb: I added an example. This isn't really about how the different classloaders interact - I want to be able to validate the resources that webapps try to load. – Dmitri Oct 01 '11 at 10:02

1 Answers1

6

You check/filter what web apps load using a custom loader extending from org.apache.catalina.loader.WebappClassLoader as mentioned in the Tomcat documentation.

Check out Tomcat's implementation (7.0.19) of the standard WebAppClassLoader that implements the filtering of javax.servlet.Servlet to get started. It's probably enough to override that class and just put some more entries into the protected String[] fields triggers and packageTriggers.

Arry
  • 103
  • 4
Philipp Reichart
  • 176
  • 2
  • 1
    Of course, your custom `WebappClassLoader` should go into its own JAR in `TOMCAT_HOME/lib` away from your web apps, just to state the obvious :) – Philipp Reichart Oct 01 '11 at 10:33