There's a very rich security model for JEE webapps.
Others may be able to advise on the details, but if you run
under the security manager you can give very fine-grained access
to your webapps.
On Fri, Nov 27, 2009 at 12:51 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
> Hi Dick,
>
> Thanks for your reply.
> I'll have a look at atmosphere and indeed just use the ruby container.
>
> Only the permission thing is not clear to me yet.
> I understand that apps can't see each other's state, but I can access
> the filesystem from my rails app.
> So what prevents a (hacked) app to look around on the filesystem and
> find other rails apps or even modify them to gain access there as
> well?
>
> Mathijs
>
> On Fri, Nov 27, 2009 at 1:41 PM, Dick Davies
> <rasputnik_at_hellooperator.net> wrote:
>> On Wed, Nov 25, 2009 at 10:23 AM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>> Hi all,
>>>
>>> I'm investigating to move to glassfish v3 when it comes out, so I
>>> installed the latest preview (glassfish-v3-b73).
>>>
>>> I have a couple of questions:
>>>
>>> 1) I found "ruby container" and installed jruby. Now if I want to
>>> deploy rails apps, I have to turn them into a .war file I think.
>>> Do I need to use warbler for this?
>>
>> If you want to make WARs, yes.
>> As you say, WARbler will bundle a Ruby webapp with JRuby into
>> a WAR file.
>> Alternattively you can install the (j)ruby container and just deploy
>> directories of unmodified Ruby code
>> (which is essentially what the Glassfish gem does).
>> Pretty much any Rack-enabled Ruby app should work, so long as
>> you're not using native code.
>>
>>> Also, I think the gem will start separated vms for every app and not
>>> use the installed glassfish, but I might be mistaken.
>>
>> For the gem that's correct. If you
>>
>> 'asadmin deploy /path/to/rails/app' --contextroot /foo
>> 'asadmin deploy /path/to/another/rails/app' --contextroot /bar
>>
>> then you can run mulitple ruby apps on the single Glassfish JVM.
>>
>>
>>> 2) I have some java applications (mainly network server) that are
>>> currently just started by "java -jar" with some parameters.
>>> How can I tell glassfish to serve the application and what parameters to pass?
>>> I tried uploading the jar but I get errors about missing framework.
>>
>> Java runs WARs, EJBs, etc. If you've written a standalone app you'll
>> need to recode
>> it to use e.g. the servlet API before you can deploy it to Glassfish.
>>
>>
>>> 3) Filesystem security per app
>>> When running multiple applications, if 1 app gets hacked, I don't want
>>> the intruder to be able to look/modify other application code/state.
>>> Using ruby (the c version), I just created multiple system users and
>>> started their processes as that user. I then used filesystem
>>> permissions to make sure a hacked app could not reach other app
>>> directories.
>>> Since glassfish runs as a single user, I would like to somehow impose
>>> a similar restriction on apps.
>>> How can I achieve this?
>>
>> Java webapps can't see the state of other webapps. It's much less of an
>> issue.
>>
>>> 4) Jetty as servlet container
>>> I've done some testing/playing with jetty (v6) continuations. I would
>>> like to do some more serious comet-like stuff in the future.
>>> Is it possible to configure glassfish to use jetty for web applications?
>>> Or does glassfish offer something similar?
>>> It's not just for the comet stuff, I understood jetty is also very
>>> good performance-wise.
>>
>> Glassfish supports Comet. Haven't tried it myself yet, but the Atmosphere
>> framework looks very interesting (even has JRuby support):
>>
>> http://weblogs.java.net/blog/jfarcand/archive/2009/10/26/atmosphere-04-released
>>
>>
>> I've not seen any benchmarks on Jetty vs. Glassfish,
>> but I'd be surprised if GF was signigficantly slower.
>>
>> It does have a bigger memory footprint, but one big drive of
>> v3 was to strip down the Glassfish core so you could only run with the
>> minimum API support you needed (e.g. Ruby support loads on demand,
>> so does JMS / EJB support).
>>
>> You might well find GFv3 has what you need anyway.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>