...
One topic that must at least be mentioned is the risk of using a JVM to store sensitive security-related information. A single JVM today has no concept of trusted paths, system-level security descriptors or anything like system virtual memory protection. Because of this, all threads executing in a single JVM should play nice together since they will likely be able to access each others' data. The Servlet environment has the ability to separate Servlet (or JSP) based applications into. Separate ServletContexts to avoid namespace overlap but this shouldn't be regarded as a security perimeter per se. At the very least, the Servlet/JSP runtime that vends the portal and it's its channels should be configured to run in a dedicated JVM until such time that the technology allows JVMs to support strong security internally.