From: Christopher Schultz
Sent: Thursday, April 10, 2025 2:22
To: users@tomcat.apache.org
Subject: Re: HOWTO: the right way to configure security constraints to protect
CGI scripts in web.xml
Mark,
On 4/8/25 5:40 PM, Mark Thomas wrote:
> 8 Apr 2025 21:45:50 Ch
Mark,
On 4/8/25 5:40 PM, Mark Thomas wrote:
8 Apr 2025 21:45:50 Christopher Schultz :
Justin,
On 4/8/25 3:16 AM, Justin Chen wrote:
Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required role="admin"
2. "/cgi-bin/updateOrder" /
r security mapping would be open to second guesses. It is the same
with any servlet that is using its path info liberally.
Rémy
> Chenjp
>
> From: Mark Thomas
> Sent: Wednesday, April 9, 2025 5:40
> To: Tomcat Users List
> Subject: Re: HOWTO: the right way to configure
Sent: Wednesday, April 9, 2025 5:40
To: Tomcat Users List
Subject: Re: HOWTO: the right way to configure security constraints to protect
CGI scripts in web.xml
8 Apr 2025 21:45:50 Christopher Schultz :
> Justin,
>
> On 4/8/25 3:16 AM, Justin Chen wrote:
>> Dear users and supporters,
8 Apr 2025 21:45:50 Christopher Schultz :
Justin,
On 4/8/25 3:16 AM, Justin Chen wrote:
Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required
role="admin"
2. "/cgi-bin/updateOrder" //update order, required role="biz"
In order
Justin,
On 4/8/25 3:16 AM, Justin Chen wrote:
Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required role="admin"
2. "/cgi-bin/updateOrder" //update order, required role="biz"
In order to protect above endpoints via web.xml secur
Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required role="admin"
2. "/cgi-bin/updateOrder" //update order, required role="biz"
In order to protect above endpoints via web.xml security-constraints mechanism,
how shall I do?
Rega
> rest of the URL when the 1st fitler does not match. I hope to
> reject all the IP in this case
>
> Here are the filters, in the order that I add them in web.xml :
>
> Accept All
> org.apache.catalina.filters.RemoteAddrFilter
>
>
> allow
> \d+\.\d+\.\d+\.\d+
&
t;
> 2) Block All : this one is more general and should match the
> rest of
> the URL when the 1st fitler does not match. I hope to reject all the
> IP in
> this case
>
> Here are the filters, in the order that I add them in web.xml :
>
>
> Accep
accept all IP addresses
2) Block All : this one is more general and should match the rest of
the URL when the 1st fitler does not match. I hope to reject all the IP in
this case
Here are the filters, in the order that I add them in web.xml :
Accept All
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rob,
On 10/1/16 8:59 AM, Rob Nikander wrote:
> Hi,
>
> I’m upgrading from Tomcat 6 to Tomcat 8. The web.xml has a mapping
> like this, to use the jsp servlet for all files in a certain
> directory:
>
> jsp
> /some-stuff/*
>
> In Tomcat 6 this
Hi,
I’m upgrading from Tomcat 6 to Tomcat 8. The web.xml has a mapping like this,
to use the jsp servlet for all files in a certain directory:
jsp
/some-stuff/*
In Tomcat 6 this worked, but in 8, this *replaces* the existing mapping from
the default web.xml (so .jsp fi
On 15/02/2015 17:42, Ryan Scharer wrote:
> Thanks! That comment was an enormous help. I was able to achieve what I
> wanted just by setting metadata-complete to true. I had previously assumed
> that that would disable jar scanning. Instead it simply disables
> web-fragment scanning.
>
> What still
Thanks! That comment was an enormous help. I was able to achieve what I
wanted just by setting metadata-complete to true. I had previously assumed
that that would disable jar scanning. Instead it simply disables
web-fragment scanning.
What still confuses me is why the only mechanism provided by th
On 13/02/2015 18:49, Ryan Scharer wrote:
> Chris,
>
> I share your misgivings about magic, though if it exhibits well-documented
> and predictable behavior I usually just shrug and go along with it. Sadly
> that doesn't seem to be the case here.
It is documented but I'd agree it could be better d
On 13/02/2015 17:59, Ryan Scharer wrote:
> Hey folks,
>
> I'm not sure if this is a bug or not, but I can't find any relevant
> information in the spec to suggest the behavior is expected.
>
> There's a web-fragment in my classpath that I'd like to skip. The only way
> to accomplish this that I k
Chris,
I share your misgivings about magic, though if it exhibits well-documented
and predictable behavior I usually just shrug and go along with it. Sadly
that doesn't seem to be the case here. I'll set aside some time to step
through the Tomcat code to try to figure this out, though in the meant
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ryan,
On 2/13/15 12:59 PM, Ryan Scharer wrote:
> I'm not sure if this is a bug or not, but I can't find any relevant
> information in the spec to suggest the behavior is expected.
>
> There's a web-fragment in my classpath that I'd like to skip. T
Hey folks,
I'm not sure if this is a bug or not, but I can't find any relevant
information in the spec to suggest the behavior is expected.
There's a web-fragment in my classpath that I'd like to skip. The only way
to accomplish this that I know of is to put an stanza
in my web.xml and omit an .
2014-03-26 17:34 GMT+04:00 Robert Olofsson :
> Hi!
>
> I just started an upgrade of our tomcat, 7.0.47, to 7.0.52 and got into a
> problem. Tomcat did not want to start our webapp. Looking in the log
> I see:
>
> Mar 26, 2014 2:10:42 PM org.apache.catalina.startup.ContextConfig
> parseWebXml
> SEVE
Hi!
I just started an upgrade of our tomcat, 7.0.47, to 7.0.52 and got into a
problem. Tomcat did not want to start our webapp. Looking in the log
I see:
Mar 26, 2014 2:10:42 PM org.apache.catalina.startup.ContextConfig
parseWebXml
SEVERE: Parse error in application web.xml file at
jndi:/local
Sorry for the late reply, it works, just a dumb mistake on my part. I
wasn't handling GETs in my custom error servlet.
Thanks again,
Alec
On Thu, Jan 9, 2014 at 5:11 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alec,
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Alec,
On 1/9/14, 2:28 PM, Tomcat Random wrote:
> I have a custom error servlet set up in my webapps web.xml file
> like so:
>
>
> java.lang.RuntimeException
> /runtimeExceptionHandler
>
> In JSTL if a property is spelled incorrectly or doesn't
I have a custom error servlet set up in my webapps web.xml file like so:
java.lang.RuntimeException
/runtimeExceptionHandler
In JSTL if a property is spelled incorrectly or doesn't exist, the
PropertyNotFoundException will not trigger the error servlet, even though
PNFEs extend
y to define
>> auth-constraint dynamically in web.xml?
>>
>> For instance I'd like to have the following
>>
>>
>>
>> /something/(.*)/someotherthing
>> PUT POST
>> DELETE
>> \1_something
>>
>> *_something
>>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cédric,
On 5/3/13 3:09 AM, Cédric Couralet wrote:
> More of a servlet spec question than a tomcat one, and, from what
> I read, a rather long shot, but is there a way to define
> auth-constraint dynamically in web.xml?
>
> For insta
Hello,
More of a servlet spec question than a tomcat one, and, from what I
read, a rather long shot, but is there a way to define auth-constraint
dynamically in web.xml?
For instance I'd like to have the following
/something/(.*)/someother
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, April 24, 2013 3:28 PM
> To: Tomcat Users List
> Subject: Re: in web.xml
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jeff,
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jeff,
On 4/24/13 2:22 PM, Jeffrey Janner wrote:
>> -Original Message- From: Jeffrey Janner
>> [mailto:jeffrey.jan...@polydyne.com] Sent: Wednesday, April 24,
>> 2013 1:12 PM To: Tomcat Users List Subject:
> -Original Message-
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> Sent: Wednesday, April 24, 2013 1:12 PM
> To: Tomcat Users List
> Subject: RE: in web.xml
>
> > -Original Message-
> > From: Christopher Schultz [mailto:ch...@ch
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, April 24, 2013 12:28 PM
> To: Tomcat Users List
> Subject: Re: in web.xml
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jeff,
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jeff,
On 4/23/13 11:40 AM, Jeffrey Janner wrote:
>> -Original Message- From: Christopher Schultz
>> [mailto:ch...@christopherschultz.net] Sent: Thursday, April 18,
>> 2013 5:01 PM To: Tomcat Users List Subject:
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, April 18, 2013 5:01 PM
> To: Tomcat Users List
> Subject: Re: in web.xml
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jakub,
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jakub,
On 4/17/13 9:22 PM, Jakub 1983 wrote:
> can I define database connection only in web.xml, without using
> context.xml files ?
>
> can I pass database url, login and password into ?
>
> when I define database conn in con
Konstantin,
thx for your reply.
Do you know name of such a tool and application server which offers
configuration of database connection on basis of web.xml.resource-ref ?
regards
Jakub
On Thu, Apr 18, 2013 at 11:05 AM, Konstantin Kolinko wrote:
> 2013/4/18 Jakub 1983 :
> > I have tried googl
2013/4/18 Jakub 1983 :
> I have tried google, but this links don't explain me, eg 4 states
>
>
> jdbc/primaryDB
> jdbc/PrimaryDBInTheContainer
>
> I have already tried it, and it doesn't work.
>
> In my opinion is useless under tomcat,
>
> or better said, it has only informative value, at lea
kub 1983 [jjaku...@gmail.com]
> > Sent: Wednesday, April 17, 2013 7:26 PM
> > To: Tomcat Users List
> > Subject: explanation of resource-ref in web.xml
> >
> > What the hell is in web.xml used for ?
> >
> >
>
On Wed, Apr 17, 2013 at 10:38 PM, Leo Donahue - RDSA IT <
leodona...@mail.maricopa.gov> wrote:
>
>
> From: Jakub 1983 [jjaku...@gmail.com]
> Sent: Wednesday, April 17, 2013 7:26 PM
> To: Tomcat Users List
> Subject: explanation of
I have tried, and definig only in context.xml is sufficient,
in web.xml was commented, but I still could acces database
connection from jndi.
On Thu, Apr 18, 2013 at 4:38 AM, Leo Donahue - RDSA IT <
leodona...@mail.maricopa.gov> wrote:
>
> ___
From: Jakub 1983 [jjaku...@gmail.com]
Subject: in web.xml
when I define database conn in context.xml, resource-ref is not needed at
all, so what is it actually for ?
**
You need something to
From: Jakub 1983 [jjaku...@gmail.com]
Sent: Wednesday, April 17, 2013 7:26 PM
To: Tomcat Users List
Subject: explanation of resource-ref in web.xml
What the hell is in web.xml used for ?
I use it in a context
What the hell is in web.xml used for ?
My imagination is as follows, please confirm or deny it.
is part of servlet spec, not tomcat spec.
context.xml and it's resource declaration is private concept of tomcat, not
described by any external specificatin, jsr, etc.
says, that in your w
can I define database connection only in web.xml, without using context.xml
files ?
can I pass database url, login and password into ?
when I define database conn in context.xml, resource-ref is not needed at
all, so what is it actually for ?
regards
Jakub
> In our environments, "/path/to/directory" will be different for different
> deployments, and so we don't want to hardcode this into the web.xml else the
> WAR is non-portable.
>
> Put the following on /conf/context.xml and it will override
the value in web.xml -
Hi all,
We have a 3rd party application that is deployed into our environment. As it
is 3rd party we have no control over changing the servlet code itself.
As part of the "configuration" of the servlet to be deployed into an
environment, it wants a directory path passed as a servlet context pa
ent will be the easiest for them to see). Of course
for this matter to succeed the creation of a fully automated web.xml building
script will be required.
Thanks for the help.
Best regards,
Federico.
-Mensaje original-
De: Christopher Schultz [mailto:ch...@christopherschultz.net
). Of course
for this matter to succeed the creation of a fully automated web.xml building
script will be required.
Thanks for the help.
Best regards,
Federico.
-Mensaje original-
De: Christopher Schultz [mailto:ch...@christopherschultz.net]
Enviado el: jueves, 09 de juni
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Federico,
On 6/8/2011 2:04 PM, falva...@geocom.com.uy wrote:
> If this is the case I could make it weight-in in the matter of building a
> well formed web.xml.
>
> Although it could take some time.
How many servlets do you have?
> Mapping each serv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Federico,
On 6/8/2011 10:17 AM, falva...@geocom.com.uy wrote:
>
> invoker
> /*
>
Why not map the invoker to "/servlet/*"?
Seems like that would fix your problem.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment:
On 08/06/2011 17:48, falva...@geocom.com.uy wrote:
> Currently we do not have this kind of attacks because the app runs in an
> intranet. But I know that in this closed scenario we should beware of the
> users.
But if your network is penetrated, your server will be vulnerable and
therefore a resou
nd keep images under
"/images".
Thanks a lot Tim and thanks to all.
Regards,
Federico.
-Mensaje original-
De: Tim Funk [mailto:funk...@apache.org]
Enviado el: miércoles, 08 de junio de 2011 14:53
Para: Tomcat Users List
Asunto: Re: Static resource mapping in web.xml
yes -
yes - that would be a problem. The invoker doesn't know how to serve static
resources.
-Tim
On Wed, Jun 8, 2011 at 1:44 PM, wrote:
> I agree with you.
>
> The static resources where never a problem to me, but since I messed with
> the web.xml they started to behave oddly.
>
> Maybe this line i
be interfering with the requests to resources?
-Mensaje original-
De: Tim Funk [mailto:funk...@apache.org]
Enviado el: miércoles, 08 de junio de 2011 14:09
Para: Tomcat Users List
Asunto: Re: Static resource mapping in web.xml
If your images are in the correct directory then tomcat will
If your images are in the correct directory then tomcat will serve them for
you with its DefaultServlet. There should be nothing to do.
Then to serve resources via the invoker - this is where the filter is handy.
You declare the invoker servlet - but you do not map it. The servlet api
allows you t
Thanks a lot André for taking the time in explaining.
Currently we do not have this kind of attacks because the app runs in an
intranet. But I know that in this closed scenario we should beware of the
users.
Hopefully, someday, we will be able to properly map this application in
web.xml and
2011 12:44
Para: Tomcat Users List
Asunto: Re: Static resource mapping in web.xml
No - images will be served by the default servlet so nothing needs to be
done for images.
The filter is used as a way to let the invoker work and be a tiny bit more
secure. So the filter is mapped to /* and will forw
.
No, unless it is specifically mapped to a URL in web.xml.
If invoker is not enabled, unless this class is mapped there is no
possible harm.
Your example made clear the damage potential in using invoker.
But: unless there are JARs with this capabilities in Tomcats distribution or
No - images will be served by the default servlet so nothing needs to be
done for images.
The filter is used as a way to let the invoker work and be a tiny bit more
secure. So the filter is mapped to /* and will forward anything to the
invoker serllet if the requested path *looks like one of your
resource mapping in web.xml
falva...@geocom.com.uy wrote:
...
>
> Invoker: I know it is bad (even more than the overlord), probably don't
know
> how bad or the impact it has in usage, but for now it works.
>
> I've read some about it, but never could really understand
mcat Users List
Asunto: Re: Static resource mapping in web.xml
Your "easiest" workaround is to use a filter.
So
1) have the default servlet map to /* (which is the default)
2) keep the invoker declared
3) And make your filter do this ...
doFilter(..) {
if (request.getServletPath(
falva...@geocom.com.uy wrote:
...
Invoker: I know it is bad (even more than the overlord), probably don't know
how bad or the impact it has in usage, but for now it works.
I've read some about it, but never could really understand the problems it
brings.
http://wiki.apache.org/tomcat/FAQ/Mis
List
Asunto: Re: Static resource mapping in web.xml
On 08/06/2011 15:17, falva...@geocom.com.uy wrote:
> I have a WEBAPP which uses the "invoker" servlet (i know
how
> bad it is, but for now it gets the job done).
That is such a monumentally bad idea I'm not at al
path.
So a tipical URL was
like"http://host:8080/webapp/servlet/home";
<http://host:8080/webapp/servlet/home>.
To avoid the "servlet" part of the URL I layed hands in
"web.xml".
This
On 08/06/2011 15:17, falva...@geocom.com.uy wrote:
> I have a WEBAPP which uses the "invoker" servlet (i know how
> bad it is, but for now it gets the job done).
That is such a monumentally bad idea I'm not at all sure you really do
understand just how bad it is.
>
static content is under "/images/" path.
So a tipical URL was like
"http://host:8080/webapp/servlet/home";.
To avoid the "servlet" part of the URL I layed hands in
"web.xml"
On 14 Dec 2010, at 14:13, dfsdf fsdfsd wrote:
> Hi
> I am using Tomcat 5.5.4 under Unix Sun Solaris.
> I have a servlet that should be executed on web.xml
>
> http://java.sun.com/xml/ns/j2ee";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://java.sun.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sandy,
On 12/14/2010 9:13 AM, dfsdf fsdfsd wrote:
Please change your "name" to reflect your real name. Or a fake name if
you wish. "dfsdf fsdfsd" means you're just not trying hard enough.
> I am using Tomcat 5.5.4 under Unix Sun Solaris.
As Chuck s
> From: dfsdf fsdfsd [mailto:budihartono...@yahoo.com]
> Subject: StartUpServlet in web.xml is not executed
> I am using Tomcat 5.5.4 under Unix Sun Solaris.
What happens if you try it on a version of Tomcat that isn't older than dirt
(measured in Internet years)? 5.5.4 cam
Hi
I am using Tomcat 5.5.4 under Unix Sun Solaris.
I have a servlet that should be executed on web.xml
http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.
Ashish Jain wrote:
any takers for this Q???
On Thu, Jul 15, 2010 at 1:38 PM, Ashish Jain wrote:
Hi,
I have an application which uses non interactive login and hence utilizes
NONLogin Authenticator in tomcat. Here is a snippet from web.xml.
contextConfigLocation
/WEB-INF/app
any takers for this Q???
On Thu, Jul 15, 2010 at 1:38 PM, Ashish Jain wrote:
> Hi,
>
> I have an application which uses non interactive login and hence utilizes
> NONLogin Authenticator in tomcat. Here is a snippet from web.xml.
>
>
> contextConfigLocation
> /WEB-INF/application
Hi,
I have an application which uses non interactive login and hence utilizes
NONLogin Authenticator in tomcat. Here is a snippet from web.xml.
contextConfigLocation
/WEB-INF/applicationContext-security.xml
springSecurityFilterChain
org.springframework.web.fil
> From: Mats Eklund [mailto:mats.ekl...@yahoo.com]
> Subject: security-constraint in web.xml - order/priority
>
> If I have more than one security-constraint tags in my web.xml (some
> with, some without auth-constraints), which one takes precedence for a
> specific reques
Hi,
If I have more than one security-constraint tags in my web.xml (some with, some
without auth-constraints), which one takes precedence for a specific request?
Thanks,
Mats
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 1/4/2010 6:45 PM, Joe Hansen wrote:
> I just forgot to enable the HTTPS Connector! Login form is working now
> over https.
>
> redirectPort="8443" />
>
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol
e: Help with security-constraint in web.xml
>>
>> However, when I enter the login credentials and submit the
>> form, nothing happens. Somehow changing the redirectPort
>> seems to have broken the login form.
>
> Turn on the AccessLogValve to see what's reaching Tomc
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Re: Help with security-constraint in web.xml
>
> However, when I enter the login credentials and submit the
> form, nothing happens. Somehow changing the redirectPort
> seems to have broken the login form.
Turn on
the login form.
I'm sure there must be a simple explanation. Chuck, please help me out!!
Thank you,
Joe
On Mon, Jan 4, 2010 at 3:25 PM, Caldarale, Charles R
wrote:
>> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
>> Subject: Re: Help with security-constraint in web.xml
&g
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Re: Help with security-constraint in web.xml
>
> Only a couple of pages need to be served on HTTPS on our website. All
> the remaining pages could be accessed using just HTTP.
Then I'd use what you've got and
Chuck,
>> No, I said you could handle the SSL encryption/decryption in httpd; the
>> redirection still has to occur by Tomcat recognizing a reference to a
>> confidential resource.
I did configure the SSL on the httpd end
(c:\Apache\conf\extra\httpd-ssl.conf) file.
>> As far as how to do so, y
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Re: Help with security-constraint in web.xml
>
> You were saying that I should handle the forced HTTPS redirection of
> certain pages on the httpd end, right?
No, I said you could handle the SSL encryption/decryptio
es on the httpd end, right? Can you please elaborate on how
to do it or give me pointers on how it could be done?
Thank you!!
Joe
On Mon, Jan 4, 2010 at 2:57 PM, Caldarale, Charles R
wrote:
>> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
>> Subject: Help with security-cons
> From: Joe Hansen [mailto:joe.hansen...@gmail.com]
> Subject: Help with security-constraint in web.xml
>
> What do I need to do so that the user is directed to
> https://ourwebsite.com/spring_security_login instead
Fix the redirectPort attribute in your elements in conf/server.x
Hey all,
We are using Tomcat 6.0 / Apache 2.2. We would like the user to login
over HTTPS rather than plain HTTP.
So, I have defined the following security-constraint in the web.xml
file of our web application:
Login
Login
David Balažic wrote:
> Hi!
>
> Is the version mismatch in the web-app tag, like this:
>
> http://java.sun.com/xml/ns/javaee";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_2_
Hi!
Is the version mismatch in the web-app tag, like this:
http://java.sun.com/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";>
an error? Or is it vali
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 4/24/2009 3:27 AM, André Warnier wrote:
> Sriganesh Ananth wrote:
> What also still smells fishy is the line
>> Alias /test /var/www/testapp/
>
> Why is it there ? What does it achieve, that the following 2 lines do not ?
>> JkMount /*.do a
Sriganesh Ananth wrote:
Hi Andre,
I got Forbidden - You don't have permission to access
/test/WEB-INF/web.xml on this server.
Under httpd.conf, just before VirtualHost I have following to deny all
from accessing WEB-INF folder.
Httpd.conf configuration:
# Globally deny access to the WEB-INF d
Hi Andre,
I got Forbidden - You don't have permission to access
/test/WEB-INF/web.xml on this server.
Under httpd.conf, just before VirtualHost I have following to deny all
from accessing WEB-INF folder.
Httpd.conf configuration:
# Globally deny access to the WEB-INF directory
deny from
Sriganesh Ananth wrote:
Chuck, you rock!!!
That part, I tend to agree.
I changed the appBase to "/var/www" for Host, added "testapp" in the
Context docBase and restarted the tomcat and it worked!!!
But this part, and what follows :
Httpd.conf configuration:
DocumentRoot /var/www/testapp
in file system and reporting 404 error rather mapping in
>> web.xml
>
>> > unpackWARs="true">
>
> The above is wrong; the appBase should be "/var/www".
>
>> > directory="logs" prefix="oss.com_
> From: Sriganesh Ananth [mailto:sriganesh.anant...@gmail.com]
> Subject: Re: Tomcat migration 4.1.3 to 5.5.23: Tomcat5.5 searching
> servlet file in file system and reporting 404 error rather mapping in
> web.xml
>unpackWARs="true">
The above is wrong; the
gt; file in file system and reporting 404 error rather mapping in web.xml
>>
>> The issue is Tomcat 5.5.x looks for a servlet file under server's
>> physical file system and reporting HTTP 404 error rather than going to
>> the servlet mapping in web.xml.
>
> Post you
> From: Sriganesh Ananth [mailto:sriganesh.anant...@gmail.com]
> Subject: Tomcat migration 4.1.3 to 5.5.23: Tomcat5.5 searching servlet
> file in file system and reporting 404 error rather mapping in web.xml
>
> The issue is Tomcat 5.5.x looks for a servlet file under server&#x
mapping in web.xml. Tomcat 4.1.x doesn’t have this
problem. I am searching all support group from past many weeks and
still not able to resolve this issue.
Application Structure:
ROOT
--testapp
---test
index.html
WEB-INF
Dear Paul,
... the time period that tomcat spends honouring current requests
when the
server is shutdown?
We have a web app used for secure file transfers and occasionally we
need to
take it down, however some requests for downloads can take more than
an hour
as the system allows very la
... the time period that tomcat spends honouring current requests when the
server is shutdown?
We have a web app used for secure file transfers and occasionally we need to
take it down, however some requests for downloads can take more than an hour
as the system allows very large files to be uploa
Just so folks are aware, this has been solved. Apparently is was the
servlet that was resolving the location of the XML file based off the
Context Docbase, and there was a trick to getting it to realize that the
file path you were passing to it was a full file path and not a relative
file path.
In
Hmm... I tried this, and it looks as though Tomcat still pre-pends the
"/home/myuser/public_html/" to my XML file. My servlet throws the error:
java.io.FileNotFoundException:
/home/myuser/public_html/path/to/tomcat/conf/myservlet/myxmlfile.xml
and my file is really located at:
/path/to/tomcat/co
"Jordan Michaels" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I'm trying to set up a "init-param" in Tomcat's main web.xml file (the
> one in $CATALINA_HOME/conf/web.xml) that looks similar to the following:
>
>
>myServlet
>path.to.my.Servlet
>
>
1 - 100 of 133 matches
Mail list logo
