About this issue, I already pointed it out by commenting to JSR-154
servlet 2.4. 
Actually invoker-like features in web containers have provided servlet
deployers with non-standard ways to invoke a servlet by sending a
request message including
"/servlet/fully-qualified-class-name-of-a-servlet".
A few months ago I found that an initial invoker-style call to a servlet
also made an instance from the servlet class, and there was no
identification (or name) of the instance because invoker-style lets a
servlet deployer care nothing about the "servlet name-servlet class"
mapping in the deployment descriptor. I called the instance an "implicitly
initiated servlet instance" and told JSR-154 about the ambiguity.

Now, I realized that the problem stems from the existence of the "real"
invoker in Tomcat and servlet deployers have taken it for granted.
However, from Tomcat 4.1.12 and 4.0.5 we need a de facto principle on
servlet name-servlet class-servlet mapping relationship.

Principle: A servlet (class) should have a servlet name and a servlet
mapping associated with that.

In my opinion, servlet spec (possibly 2.4) has to mention the above
statement in order to get rid of the ambiguity and obtain some clarity
that will assure the relationship among servlet class, name, and mapping
for not only servlet deployers but also servlet container implementors.

At this moment, I'd like to say that we need a clearer statement. What
I'm proposing is:

A servlet (class) should have at least one servlet name and
correspondent mapping for invocation.

From a mathematical point of view, mapping from servlet class to servlet
name is one-to-many. (Conversely, servlet name to servlet class is
injective.) This means a servlet class can have many servlet names, but
a servlet name cannot be mapped to different servlet classes naturally.
Servlet name and servlet mapping go the same road as well.

Conclusion: servlet class <-- one-to-many --> servlet name <--
one-to-many --> servlet mapping

Here's a typical example:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

<servlet>
<servlet-name>ias</servlet-name>
<servlet-class>iasandcb.TestServlet</servlet-class>
</servlet>

<servlet>
<servlet-name>cb</servlet-name>
<servlet-class>iasandcb.TestServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>ias</servlet-name>
<url-pattern>/servlet/iasandcb.TestServlet</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ias</servlet-name>
<url-pattern>/servlet/TestServlet</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>cb</servlet-name>
<url-pattern>/servlet/cb</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cb</servlet-name>
<url-pattern>/cb</url-pattern>
</servlet-mapping>
</web-app>

In this case, we have one servlet class "iasandcb.TestServlet" and it
has two servlet names, "ias" and "cb". Finally, the names have two servlet
mappings respectively, therefore we have four ways to invoke the
servlet.

http://localhost:8080/test/servlet/iasandcb.TestServlet (invoker style)
http://localhost:8080/test/servlet/TestServlet
http://localhost:8080/test/servlet/cb
http://localhost:8080/test/cb

Formula: the number of the invocation ways of a servlet = sum (the
number of the servlet mappings) for each servlet name of the servlet
(The above case, 4 = 2 + 2)

I hope servlet spec and implementations can get more portability and
security from this chance.

-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, October 03, 2002 12:39 AM
To: Tomcat Developers List
Subject: Re: Tomcat 4.1.12 and Servlet Access 404 Errors: BUG? One Last
Assurance




On Wed, 2 Oct 2002, micael wrote:

> Date: Wed, 02 Oct 2002 00:12:20 -0700
> From: micael <[EMAIL PROTECTED]>
> Reply-To: Tomcat Developers List <[EMAIL PROTECTED]>
> To: Tomcat Developers List <[EMAIL PROTECTED]>
> Subject: Re: Tomcat 4.1.12 and Servlet Access 404 Errors: BUG? One Last
>     Assurance
>
> So I can understand, where is the difference in the code between 
> Tomcat 4.1.10 and 4.1.12?  And, do you mean that servlet mappings 
> rather than being generic to some "servlet/*" path be individualized?
>

Let's assume that you have two servlets that are currently accessed via
the following URLs:

  http://localhost:8080/myapp/servlet/com.mypackage.MyFooServlet
  http://localhost:8080/myapp/servlet/com.mypackage.MyBarServlet

that no longer work in 4.1.12.  To avoid changing all your URLs, you
have two basic choices:

(1) Re-enable the invoker servlet by uncommenting the
    "/servlet/*" mapping in $CATALINA_HOME/conf/web.xml
    (non-portable, might be open to future vulnerabilities)

(2) Explicitly add servlet definitions and mappings for
    these two servlets:

    <web-app>

        <servlet>
            <servlet-name>Foo</servlet-name>
            <servlet-class>com.mypackage.MyFooServlet</servlet-class>
        </servlet>

        <servlet>
            <servlet-name>Bar</servlet-name>
            <servlet-class>com.mypackage.MyBarServlet</servlet-class>
        </servlet>

        <servlet-mapping>
            <servlet-name>Foo</servlet-name>
            <url-pattern>/servlet/com.mypackage.MyFooServlet</url-pattern>
        </servlet-mapping>

        <servlet-mapping>
            <servlet-name>Bar</servlet-name>
            <url-pattern>/servlet/com.mypackage.MyBarServlet</url-pattern>
        </servlet-mapping>

    </web-app>

The latter choice will selectively re-enable only the servlet mappings
that you actually need.  This is also guaranteed to be portable across
servlet containers, whereas the "invoker" servlet is just a Tomcat
feature.

Craig


> At 12:26 PM 10/2/2002 +1000, you wrote:
> >micael wrote:
> > >
> > > I cannot access a webapp with the normal 
> > > http://localhost:8080/myapp/servlet/mydirectory.MyServlet with 
> > > Tomcat 4.1.12.  (Also, the embedded Tomcat 4.1.12 in JBoss 3.0.3 
> > > runs fine except that it won't access the examples servlets.)  The
> > > error shown is a 404 "The requested resource 
> > > (/myapp/servlet/mydirectory.MyServlet) is not available.".  The 
> > > same thing runs fine with Tomcat 4.1.0., both with and without 
> > > JBoss.  Is this a BUG in Tomcat 4.1.12, or are there new 
> > > constraints on reaching servlets from outside the container in 
> > > 4.1.12?
> > >
> >
> >For security reasons (see the release notes for details), the invoker
> >servlet is disabled by default now. This servlet is what makes 
> >/webapp/servlet/... paths invoke the given servlet. It's recommended 
> >that you give explicit servlet definitions and mappings in the 
> >webapps's web.xml instead.
> >
> >Michael
> >
> >--
> >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
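The relationship discussed in this thread (servlet class to servlet name to servlet mapping, and the count of invocation paths) can be checked mechanically. The following is an added example, not code from the thread or from Tomcat: a Python audit of a constructed descriptor that reuses the thread's TestServlet entries and assumes a DTD-style web.xml without XML namespaces; the `admin` servlet and the `audit` function are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the TestServlet descriptor from the thread (no DOCTYPE),
# plus a hypothetical unmapped servlet and a re-enabled "/servlet/*" invoker.
WEB_XML = """<web-app>
  <servlet><servlet-name>ias</servlet-name>
    <servlet-class>iasandcb.TestServlet</servlet-class></servlet>
  <servlet><servlet-name>cb</servlet-name>
    <servlet-class>iasandcb.TestServlet</servlet-class></servlet>
  <servlet><servlet-name>admin</servlet-name>
    <servlet-class>iasandcb.AdminServlet</servlet-class></servlet>
  <servlet><servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>ias</servlet-name>
    <url-pattern>/servlet/iasandcb.TestServlet</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>ias</servlet-name>
    <url-pattern>/servlet/TestServlet</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>cb</servlet-name>
    <url-pattern>/servlet/cb</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>cb</servlet-name>
    <url-pattern>/cb</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern></servlet-mapping>
</web-app>"""

def audit(xml_text):
    """Return ({servlet class: [url patterns]}, [findings]) for a web.xml."""
    root = ET.fromstring(xml_text)
    text = lambda el, tag: (el.findtext(tag) or "").strip()
    classes = {text(s, "servlet-name"): text(s, "servlet-class")
               for s in root.iter("servlet")}
    patterns = defaultdict(list)              # servlet name -> url patterns
    for m in root.iter("servlet-mapping"):
        patterns[text(m, "servlet-name")].append(text(m, "url-pattern"))
    routes, findings = defaultdict(list), []
    for name, cls in classes.items():
        routes[cls].extend(patterns.get(name, []))
        if name not in patterns:              # violates the proposed principle
            findings.append(f"servlet '{name}' ({cls}) has no servlet-mapping")
    for name, pats in patterns.items():
        if name not in classes:
            findings.append(f"mapping names undeclared servlet '{name}'")
        if "/servlet/*" in pats:              # invoker-style wildcard
            findings.append(f"'{name}' is mapped to /servlet/*: classes reachable by name")
    return dict(routes), findings

if __name__ == "__main__":
    routes, findings = audit(WEB_XML)
    for cls, pats in routes.items():
        print(f"{cls}: {len(pats)} invocation path(s) {pats}")
    print(*findings, sep="\n")
```

For the thread's descriptor the count for `iasandcb.TestServlet` matches the formula above (2 + 2), and the two constructed defects are reported as findings.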