NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator's Guide
Programming and Management Features
NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator’s Guide—544548-004
4-7
Multithreading – Spawning Java Threads
Multithreading – Spawning Java Threads
NSJSP 6.0 supports spawning Java threads from a servlet or JSP.
When multiple users access a servlet simultaneously, the web container does not
instantiate a new servlet instance for each user. When a client accesses the servlet,
the service() method is invoked in a separate thread. Therefore, each client is
sharing the data of the servlet. In most cases, this arrangement is an efficient method
of handling multiple requests for servlets that do not contain client data.
Multithreading may require you to allow threading synchronization. Every client has
access to each field in the servlet because the fields of the servlet are shared by each
client. If a field contains client-specific data, the access to that field must be
synchronized.
Request and Response Streams
The CGI interfaces of the iTP Secure WebServer implement the standard input and
output as streams. Therefore, the length of a request to or response from a servlet is
unlimited.
The NonStop system interprocess communications mechanism is not inherently
stream-oriented. The Pathway CGI interfaces simulate stream behavior by accepting a
series of interprocess messages as streams.
Security Considerations
You can use the Region directive to restrict access to a JSP or servlet by protecting its
URL. In addition, you can use Safeguard to restrict access to any disk, file, or process
on a NonStop system.
Beyond these rudimentary types of protection, all servlets are considered trusted. The
fact that all servlets must be loaded from the local iTP Secure WebServer environment
tends to limit, but does not rule out, breaches of security. Specifically, neither the iTP
Secure WebServer nor the NSJSP server restricts the servlet function, beyond the
restrictions imposed by the NonStop Server for Java.
The web container inherits the security attributes of the Pathmon environment.
Caution. You must be cautious when you use the TS/MP (Pathway) or iTP Secure WebServer
commands that stop ServerClass executions in environments, where threads are spawned
from the web container. Stopping the web container immediately stops all the execution
threads that are running in the web container. There are no runtime checks that allow the web
container to wait for all the threads to finish running when a TS/MP (Pathway) STOP command
has been issued against the web container. If you stop the web container accidentally, perform
one of the following tasks:
restart the iTP Secure WebServer environment, or
THAW and START the servlet server if you have issued the FREEZE and STOP command.