By default, Tomcat prevents webapps from loading several .jars which are part of the Tomcat distribution (eg the servlet and JSP APIs) - is it possible to configure others to also be excluded?
If it can't be done with configuration alone, does Tomcat provide any extension points for resource validation?
I want to use shared logging libraries, and need to make sure that an errant app doesn't clobber the configuration.
Example
This is what I'm referring to (from Tomcat startup log):
Oct 1, 2011 5:53:40 AM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(D:\tomcat\myapp\WEB-INF\lib\servlet-api.jar) - jar not loaded.
See Servlet Spec 2.3, section 9.7.2.
Offending class: javax/servlet/Servlet.class
You check/filter what web apps load using a custom loader extending from
org.apache.catalina.loader.WebappClassLoaderas mentioned in the Tomcat documentation.Check out Tomcat's implementation (7.0.19) of the standard
WebAppClassLoaderthat implements the filtering ofjavax.servlet.Servletto get started. It's probably enough to override that class and just put some more entries into theprotected String[]fieldstriggersandpackageTriggers.