2006-08-29

Working Around Shared Hosting

I have been investigating the shared hosting issues with Spring and found that it is not as bad as it initially seems. There are a few steps that must be taken, very similar to those taken for other Java-ported libraries (e.g. NHibernate).
Firstly, all calls to GetCompiledPageInstance MUST be replaced with CreateInstanceFromVirtualPath. I have provided the fix for this in a previous thread (http://forum.springframework.net/showthread.php?t=407). This is a must because the GetCompiledPageInstance method has the following attribute on it, which pretty much kills calls to it unless you are running in full trust mode. On shared servers, full trust is highly unlikely.

[SecurityPermission(SecurityAction.Demand, Unrestricted = true)]

Now I had thought this had been committed into the main branch of Spring.Web, but the nightly build and the CVS repository on SourceForge both do not have the fix.

The second step, which also means modifying the Spring source, is to find the file src\Spring\Spring.Core\Core\IO\FileSystemResource.cs. This file has two calls like this:

fileHandle.Directory.Root.ToString();

In the hosting trust mode, this bombs out with a FileIOPermission violation. The reason is that you don't have access to the root directory when you are on the shared host. The Root property of DirectoryInfo contains this line, which causes the exception:

new FileIOPermission(FileIOPermissionAccess.PathDiscovery, new string[] { text1 }, false, false).Demand();

My solution is a little hacky at the moment, but you get the idea. All it does is take the root folder (i.e. c: or d:) from the first three characters of the directory path. Remember that this probably won't work on a network drive.

fileHandle.Directory.ToString().Substring(0, 3);

The third thing to do is to add requirePermission="false" to each section in the configSections section of web.config. If you don't do this, you will receive a Configuration security permission exception.

<configSections>
  <sectionGroup name="spring">
    <section name="context"
             type="Spring.Context.Support.ContextHandler, Spring.Core"
             requirePermission="false"/>
    <section name="objects"
             type="Spring.Context.Support.DefaultSectionHandler, Spring.Core"
             requirePermission="false"/>
  </sectionGroup>
</configSections>

The last item on the list is probably the most obscure, so I will try to explain and give some background:

DLLs can be signed, which gives them a strong name and a hash, which stops them being modified and redistributed.
Strong-named DLLs can be registered in the GAC.
From the GAC, DLLs can be configured to run in full trust, depending on your .NET Framework configuration (see somewhere in Control Panel -> Administrative Tools).

When you run a web application in anything but full trust, all the DLLs in the bin directory run in a partial trust mode.
Strong-named assemblies that are NOT in the GAC but in your bin directory cannot, by default, be called from a partially trusted assembly.

So in this case I have my project DLL, Spring, NHibernate and log4net in the bin directory, plus any dependent DLLs. NHibernate and log4net are strong named, but I can only call log4net from my app, not NHibernate. Why is this? It's because log4net has an assembly-level attribute on it.

[assembly: System.Security.AllowPartiallyTrustedCallers()]

This attribute allows my partially trusted application to call into it without throwing an exception. Details can be found on MSDN; it's something to do with LinkDemand.
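The rule above (strong named, no AllowPartiallyTrustedCallers) can be checked per DLL from the manifest text that ildasm writes out. The following is an added example, not code from the original post; the assembly names, manifests and key bytes in it are constructed for illustration.

```python
import re

# Constructed ildasm-style manifests (hypothetical names, shortened key bytes).
APTCA = ("  .custom instance void [mscorlib]System.Security."
         "AllowPartiallyTrustedCallersAttribute::.ctor() = ( 01 00 00 00 )\n")
SIGNED = """\
.assembly extern mscorlib
{
  .publickeytoken = (B7 7A 5C 56 19 34 E0 89 )
}
.assembly %s
{
%s  .publickey = (00 24 00 00 04 80 00 00   // .$......
                52 53 41 31 )             // RSA1
}
"""
LOGGING_LIB = SIGNED % ("LoggingLib", APTCA)            # signed, has APTCA
DATA_LIB = SIGNED % ("DataLib", "")                     # signed, no APTCA
WEB_APP = ".assembly MyWebApp\n{\n  .ver 1:0:0:0\n}\n"  # unsigned
HEADER = re.compile(r"^\s*\.assembly\s+(extern\s+)?(\S+)\s*$")

def audit_manifest(il_text):
    """Collect strong-name and APTCA facts from one assembly's IL manifest."""
    report = {"name": None, "strong_named": False, "aptca": False, "strong_refs": []}
    current, is_extern = None, False
    for line in il_text.splitlines():
        header = HEADER.match(line)
        if header:
            is_extern, current = bool(header.group(1)), header.group(2).strip("'")
            report["name"] = report["name"] if is_extern else current
        elif line.strip() == "}":
            current = None                      # end of the .assembly block
        elif current is None:
            continue                            # outside any manifest block
        elif is_extern and ".publickeytoken" in line:
            report["strong_refs"].append(current)   # reference pinned to a strong name
        elif not is_extern and re.match(r"\s*\.publickey\s*=", line):
            report["strong_named"] = True
        elif not is_extern and ".custom" in line and "AllowPartiallyTrustedCallersAttribute" in line:
            report["aptca"] = True
    return report

def rejects_partial_trust_callers(report):
    """The post's rule: strong named and no APTCA means partially trusted callers fail."""
    return report["strong_named"] and not report["aptca"]

if __name__ == "__main__":
    for r in map(audit_manifest, (LOGGING_LIB, DATA_LIB, WEB_APP)):
        print(r["name"], "needs fixing" if rejects_partial_trust_callers(r) else "callable")
```

The `strong_refs` list shows which extern references carry a public key token, which is what step 5 of the procedure below has to update for any assembly whose strong name is removed.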

Now it gets tricky: that would mean all the DLLs that I have in the bin directory need this attribute. How would I do this? I could get all the sources for them and recompile, but what happens if I can't get the source, or I have a 3rd party app that is proprietary? I do the following instead:

1. get all the DLLs and disassemble them
2. add the AllowPartiallyTrustedCallers attribute to them in the MSIL file
3. remove all signing code from the assembly
4. remove all public keys and hashes from the assembly
5. update any extern assembly declarations, by removing the public hash requirement
6. reassemble the DLLs again.

What does this do? It removes all strong names from the assemblies and also updates the references to not require the strong-named versions.
As we don't have the keys that sign the DLLs, we can't re-sign them, but we can remove the signing altogether.
We could re-sign them all with new keys that we created and update the references, but that sounds like a lot of work for no gain.
We are going to be running in partial trust mode, so we just don't need strong-named assemblies.
This process probably won't work in all circumstances, mind you.
