tomcat support?

[andersk]

(Imported from ​help.mit.edu #547795.)

abhagi:

Also, can one upload JSP files onto scripts.mit.edu?

geofft:

We do not run a Tomcat installation the same way we run an Apache httpd installation on scripts; Tomcat does not allow us to do security isolation between users in the same manner, so we cannot set up a multiuser installation. There is an Apache-httpd module (mod_proxy_ajp) that appears to allow running JSP scripts, but we are not yet sure whether this properly and securely isolates user accounts. We will try to take a look at this sometime soon and determine whether this method is a practical solution; other users have expressed some interest in running JSP pages on scripts.

[geofft]

I looked at this a little more closely. It looks like mod_proxy_ajp only adds an ajp:// method to proxying, which is a FastCGI-like thing for servlets. We recently enabled mod_proxy, so there should be no security reasons not to enable mod_proxy_ajp and let people run servlet containers out of, say, cron.

We may want to figure out something like hacron to make it easy to determine the current scripts primary, or something like the port reservation system to make it guaranteed that the server you're proxying to is your own.

[geofft]

I swear I mentioned this somewhere, but apparently it wasn't Trac. According to ​http://docs.codehaus.org/display/JETTY/Configuring+AJP13+Using+mod_jk you don't actually want AJP, because it's nowhere near as pantsful as FastCGI, and you just want to use mod_proxy via plain old HTTP.

I think the only thing remaining on this ticket is to decide if we want to figure out some way to run server-spawned servlet containers (or other HTTP servers), a la server-spawned FastCGIs, or if we're okay with people running persistent servlet containers and proxying to them. Apparently in my previous comment I was assuming the latter would be the case, so...

[glasgall]

If we support Java at all, it will be via Jetty.