Tommy,

On 6/15/19 21:51, Tommy Pham wrote:
> Hi Mark,
> 
> After some research and thought about internal application flow, I
> think the 'cleanest' is to have TC's default servlet handle the *.html
> requests and use the assigned filter to restrict the access as
> desired.  Is there a better approach?  On that plan, I have this
> mapping for TC's default servlet and init:
> 
> Filter AppFilterAccessLog's servlet mapping: Servlet name: default
> , registered class: org.apache.catalina.servlets.DefaultServlet. 
> Servlet default's mapping: /img/* /css/* /WEB-INF/*

Uh... you sure you want that? What is stopping a client from requesting
/WEB-INF/web.xml?

> /js/* Servlet default's init parameters: listings: false debug: 0
> 
> If I use *.html instead of /WEB-INF/*, it goes into infinite loop 
> redirecting / forwarding until exception is thrown (I think that
> root cause is servlets' startup ordering).  Below is what my
> access log filter sees for HttpServletRequest:
> 
> Attributes: javax.servlet.forward.request_uri=/erm-0.0.1-SNAPSHOT/ 
> javax.servlet.forward.context_path=/erm-0.0.1-SNAPSHOT 
> javax.servlet.forward.servlet_path= 
> javax.servlet.forward.path_info=/
> 
> javax.servlet.forward.mapping=org.apache.catalina.core.ApplicationMapping$MappingImpl@7fc1f887
> org.apache.logging.log4j.web.Log4jServletFilter.FILTERED=true
> Class: org.apache.catalina.core.ApplicationHttpRequest 
> DispatcherType: FORWARD [javax.servlet.DispatcherType] 
> HttpServletMapping: Class:
> org.apache.catalina.core.ApplicationMapping$MappingImpl 
> MappingMatch: PATH MatchValue: setup/step_0.html Pattern:
> /WEB-INF/* ServletName: default
> 
> Below is from the actual filter assigned to TC's default servlet
> intended to restrict access:
> 
> ContextPath: /erm-0.0.1-SNAPSHOT DispatcherType: FORWARD PathInfo:
> /setup/step_0.html PathTranslated: 
> D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\setup\step_0.html
> Method: GET
> RequestURI: /erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html 
> RequestURL: 
> http://localhost:8080/erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html 
> ServletPath: /WEB-INF ServletContext.ServletContextName: erm 
> response: org.apache.catalina.connector.ResponseFacade
> 
> I think everything seems correct except the PathTranslated.  It
> should be:
> 
> D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\WEB-INF\setup\step_0.html
>
> where the file is.  I'm unable to find out why it's wrong after a
> couple hours of searching since the browser shows an empty
> page...  The string "/WEB-INF/setup/step_0.html" was passed to
> request.getRequestDispatcher(). According to the doc [1], " If the
> path begins with a "/" it is interpreted as relative to the current
> context root." everything is as it should be right, other than
> PathTranslated?  Or did I misunderstand the usage of 
> getRequestDispatcher().forward()?  Currently, I have 4 filters in
> place and all are in passive monitoring mode.  None of them have
> the code logic to perform their intended functions.  3 filters
> mapped to URL /* and one assigned to TC's default servlet.  I'll
> work out their filtering order before the intended functions are
> implemented.

Filters are applied in a predictable order. I highly recommend reading
the servlet specification to see how these things are defined to work.
It's quite readable.

Why not allow Tomcat to serve everything in the web application (other
than /WEB-INF/* and /META-INF/*) as usual? What is it that you need to
put into there that you can't hide in some other way?

It sounds like you are unnecessarily complicating your life.

-chris
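If the default servlet stays mapped to /WEB-INF/*, the filter attached to it has to tell direct client requests apart from internal forwards, which is the gap the /WEB-INF/web.xml question points at. The filter below is an added example, not code from either poster or from Tomcat; the class name ProtectedPathFilter is hypothetical, and it assumes the javax.servlet API of Tomcat 9 and a filter mapping on the "default" servlet for the REQUEST dispatcher.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: refuses client-initiated requests for /WEB-INF and
// /META-INF while letting application-initiated forwards through.
public class ProtectedPathFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Context-relative path is servletPath + pathInfo; with the mapping
        // /WEB-INF/* the servletPath is "/WEB-INF" and pathInfo holds the rest.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        // REQUEST means the URL came straight from the client; FORWARD and
        // INCLUDE are dispatches made by code inside the application.
        if (request.getDispatcherType() == DispatcherType.REQUEST && isProtected(path)) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    // Case-insensitive so /web-inf/ is also refused on case-insensitive file systems.
    static boolean isProtected(String path) {
        String p = path.toUpperCase(Locale.ROOT);
        return p.equals("/WEB-INF") || p.startsWith("/WEB-INF/")
            || p.equals("/META-INF") || p.startsWith("/META-INF/");
    }

    @Override
    public void destroy() { }
}
```

A forward such as the one to /WEB-INF/setup/step_0.html in the log above arrives with DispatcherType.FORWARD, so it only reaches a filter whose mapping also lists the FORWARD dispatcher, and this check lets it pass.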
