Re: tomcat Webapp security.

Tue, 23 Jan 2007 10:15:07 -0800 

Thanks. I'll look it up. :)


----- Original Message ----
From: Christopher Schultz <[EMAIL PROTECTED]>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Tuesday, January 23, 2007 1:11:58 PM
Subject: Re: tomcat Webapp security.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sachin,

Sachin Patel wrote:
>> Another option is to place your uploaded files in a particular 
>> subdirectory and then configure the JSP servlet to ignore that 
>> directory. Or probably more appropriately, configure that directory
>> to serve everything through the generic servlet that just does
>> static content.
> 
> This is exectly what I want, can I know where I can find little bit
> more detail on this?

I'm not sure if this is documented anywhere, but it would be a nice trick.

Start by looking at the standard web.xml that comes with Tomcat. Here's
the mapping for the JSP servlet (this is from TC 5.5.20's web.xml)

    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jspx</url-pattern>
    </servlet-mapping>

(Not sure why this mapping is in there twice, but whatever...)

And here is what is declared for the default servlet:

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

I would imagine that the "default" servlet is available for mapping from
within your webapp's web.xml file. So, try something like this:

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/treat-as-static/*</url-pattern>
    </servlet-mapping>


You'll definitely want to test this to make sure that nothing slips
through the cracks, but it might put you on the right track.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtk/u9CaO5/Lv0PARAv14AJwLekteXL/S3b7uYFvm56IEjB0iIQCfUrTO
GLn9YWyaF21zXVNl1VE+Ds8=
=MWiC
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


 
____________________________________________________________________________________
Yahoo! Music Unlimited
Access over 1 million songs.
http://music.yahoo.com/unlimited

Reply via email to