[Wrapper-user] Re: Using JSW To Run a Java Server on a Privileged Port?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 4/9/06, Leif Mortenson <le...@ta...> wrote:
> Jason,
>     This is discussed in this feature request.
> http://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D490806&group=
_id=3D39428&atid=3D425190
>     If there is anything that I have overlooked, feel free to add to
> this issue.  It is
> something I would like to make available, I am just not sure how.

Thanks for the link.  I figured I wouldn't be the first to ask about
it.  I'll add to the
issue.

>     The problem is that the Tomcat loader binds to the port as root and
> then changes to
> another user while maintaining a reference to the port.   Once the user
> has been changed,
> there is of course no way to go back to being root.
>
>     The Wrapper could do something like this once, but it would not be
> possible to recover
> from failures and launch a new JVM as that would require becoming root a
> second time.

From what I can tell, jsvc does not do it this way.  So, you should really =
have
a look at their implementation.  I believe it's something you could add to =
JSW.

>     In your case, it sounds like you want to let your live users connect
> directly to Tomcat.

I do indeed.

> I haven't used the newest version, but older versions were not really
> designed for this.

As of at least 3 years ago they were.  This is an area where Tomcat has
improved every year for many years.  At this point, Tomcat is at least as f=
ast
at serving static content as Apache httpd.

> Usually, you would have Apache running and then connect to Tomcat using
> mod_jk.

That pattern is still popular, but slows down Tomcat.  I no longer suggest =
this
pattern, mainly because Tomcat stand-alone is plenty capable now, and setti=
ng
up two servers (both httpd and Tomcat), plus a connector to connect them is
much more difficult to get working, and to maintain.  And, Tomcat is now fu=
ll
featured enough that most people don't need Apache httpd anymore (although
most don't realize this).

> This makes it possible for Tomcat to only need high ports, resolving
> this problem completely.

And creating the problem of lower performance, more difficult maintenance,
more difficult troubleshooting since you have two servers involved in each
request, etc..  Some folks will always set up Tomcat behind httpd, and will
insist that it is the right way, but that's more of a resistance to change =
than
anything.  Meanwhile, a large percentage of Tomcat users are now happily
using it without Apache httpd. and they want to run it on port 80 as a non-=
root
user.

Thanks.

--
Jason Brittain