On Wed, 2 Oct 2002, micael wrote:
> Date: Wed, 02 Oct 2002 00:12:20 -0700
> From: micael <[EMAIL PROTECTED]>
> Reply-To: Tomcat Developers List <[EMAIL PROTECTED]>
> To: Tomcat Developers List <[EMAIL PROTECTED]>
> Subject: Re: Tomcat 4.1.12 and Servlet Access 404 Errors: BUG? One Last
> Assurance
>
> So I can understand, where is the difference in the code between Tomcat
> 4.1.10 and 4.1.12? And, do you mean that servlet mappings rather than
> being generic to some "servlet/*" path be individualized?
>
Let's assume that you have two servlets that are currently accessed via
the following URLs:
http://localhost:8080/myapp/servlet/com.mypackage.MyFooServlet
http://localhost:8080/myapp/servlet/com.mypackage.MyBarServlet
that no longer work in 4.1.12. To avoid changing all your URLs, you have
two basic choices:
(1) Re-enable the invoker servlet by uncommenting the
"/servlet/*" mapping in $CATALINA_HOME/conf/web.xml
(non-portable, might be open to future vulnerabilities)
(2) Explicitly add servlet definitions and mappings for
these two servlets:
<web-app>
<servlet>
<servlet-name>Foo</servlet-name>
<servlet-class>com.mypackage.MyFooServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Bar</servlet-name>
<servlet-class>com.mypackage.MyBarServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Foo</servlet-name>
<url-pattern>/servlet/com.mypackage.MyFooServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Bar</servlet-name>
<url-pattern>/servlet/com.mypackage.MyBarServlet</url-pattern>
</servlet-mapping>
</web-app>
The latter choice will selectively re-enable only the servlet mappings
that you actually need. This is also guaranteed to be portable across
servlet containers, whereas the "invoker" servlet is just a Tomcat
feature.
Craig
> At 12:26 PM 10/2/2002 +1000, you wrote:
> >micael wrote:
> > >
> > > I cannot access a webapp with the normal
> > > http://localhost:8080/myapp/servlet/mydirectory.MyServlet with Tomcat
> > > 4.1.12. (Also, the embedded Tomcat 4.1.12 in JBoss 3.0.3 runs fine except
> > > that it won't access the examples servlets.) The error shown is a 404 "The
> > > requested resource (/myapp/servlet/mydirectory.MyServlet) is not
> > > available.". The same thing runs fine with Tomcat 4.1.0., both with and
> > > without JBoss. Is this a BUG in Tomcat 4.1.12, or are there new
> > > constraints on reaching servlets from outside the container in 4.1.12?
> > >
> >
> >For security reasons (see the release notes for details), the invoker
> >servlet is disabled by default now. This servlet is what makes
> >/webapp/servlet/... paths invoke the given servlet. It's recommended
> >that you give explicit servlet definitions and mappings in the webapps's
> >web.xml instead.
> >
> >Michael
> >
> >--
> >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
