iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Using NonStop Servlets for JavaServer Pages
(NSJSP)
iTP Secure WebServer System Administrator’s Guide—523346-002
9-34
Multithreading - Spawning Java Threads
sessions, the web container’s Numstatic and Maxservers attributes must have the
same value.
Multithreading - Spawning Java Threads
The NSJSP product supports spawning Java threads from within a servlet or JSP.
When multiple users access a servlet simultaneously, the web container does not
instantiate a new servlet instance for each user. When a client access the servlet, the
service() method is invoked in a separate thread. Therefore each client is sharing the
data of the servlet. In most cases this is by far the most efficient method of handling
multiple requests for servlets that do not contain client data.
You should be aware that multithreading may require you to allow for threading
synchronization. Every client has access to each field in the servlet - the fields of the
servlet are being shared by each client. If a field contains client-specific data, then the
access to that field must be synchronized.
You must also exercise caution when you use Pathway or iTPWebServer commands
that stop server class executions in environments where threads are spawned from
within the web container. Stopping the web container immediately stops all execution
threads that are running within the web container. There are no runtime checks that
allow the web container to stay up and wait for all threads to finish executing when a
Pathway STOP command has been issued against the web container.
If you require it, single threading/multiple instances can be invoked by the
SingleThreadModel interface, for example:
public class myServlet extends HttpServlet implements SingleThreadModel
makes myServlet single threaded. An instance of myServlet will be created for
each individual user request.
Request and Response Streams
The CGI interfaces of the iTP Secure WebServer implement standard input and output
as streams. Therefore the length of a request to or response from a servlet is
unlimited.
The Guardian interprocess communications mechanism is not inherently stream-
oriented. The Pathway CGI interfaces simulate stream behavior by accepting a series
of interprocess messages as stream.
Security Considerations
You can use the Region directive to restrict access to a JSP or servlet by protecting its
URL. In addition, you can use Safeguard to restrict access to any disk, file, or process
on a NonStop system.
Beyond these rudimentary types of protection, all servlets are considered trusted in the
current product version. The fact that all servlets must be loaded from the local iTP