I've taken a quick crawl through the code and want to re-suggest a possible
cause for the problems we're seeing on 3.2.2 dealing with requests to the
WEB-INF directory.
First of all, this is really the first time I've been through the tomcat
code, and I've done it quickly so there's a high chance for error. However,
I've tracked the following path:
ContextManager.service
ContextManager.internalService
ContextManager.processRequest
SimpleMapper1.requestMap
My assumption here is that ContextManager.service is a main entry point...it
appears to be called by almost everything AND has a comment to that effect.
>From that point, there are not many branch points until you reach
SimpleMapper1.requestMap. The first thing requestMap does is check if
you're asking about the WEB-INF directory and returns 404 if you are. So,
my working theorey is that anything that calls ContextManager.service,
whether its loading a class from a .jar file, getting a configuration
file...anything...will be vetoed by SimpleMapper1.requestMap.
A fix I would suggest - change SimpleMapper1.requestMap to only veto
requests to the "standard" tomcat files - directory browsing and web.xml.
We can fine tune it later, but this appears to be a quick dirty fix.
Someone more familar with the code could verify it for me: am I way in left
field?
Brian Flynn
