FWIW, Jetty uses a configurable mechanism to control which classes can
and can't be seen by a webapp.
Apart from being able to select parent-first or webapp-first delegation
models for classloading on a webapp by webapp basis, one can also control
which packages can and can't be overridden or accessed by a webapp.
To quote from the wiki page (
http://docs.codehaus.org/display/JETTY/Classloading):
+ "SystemClasses" cannot be overridden by webapp context classloaders. The defaults are;
{"java.","javax.servlet.","javax.xml.","org.mortbay.",
"org.xml.","org.w3c.", "org.apache.commons.logging.",
"org.apache.log4j."}
+ "ServerClasses" (on the container classpath) cannot be seen by webapp context classloaders
but can be overridden by the webapp. The defaults are:
{ "-org.mortbay.naming.","-org.mortbay.util.","org.mortbay.", "org.slf4j."};
Absolute classname can be passed, names ending with . are treated as packages names and
names starting with - are treated as negative matches and must be listed before
An idea like this may be worthwhile pursuing for the glassfish webapp classloader?
cheers
Jan