Hi Robert,
Thanks for your help.
After I added that readonly into web.xml, I can put files into
/webapps/incoming. Right now it is ok for me. Because user ONLY
can put files under /webapps/incoming dir.
Also, in this way, tomcat does not require userID and password.
Now there are three questions:
1. How to config to force using userID and password? I add
putusero1
into "tomcat-users.xml", it's useless.
2. How to config another servlet to handle PUT in web.xml?
<servlet>
<servlet-name>PUT</servlet-name>
<servlet-class>org.apache.jasper.servlet.???????</servlet-class>
<init-param>
<param-name>????1</param-name>
<param-value>????1</param-value>
</init-param>
<init-param>
<param-name>????2</param-name>
<param-value>????2</param-value>
</init-param>
<load-on-startup>?</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>PUT</servlet-name>
<url-pattern>/MyPUT/PUT-Handler</url-pattern>
</servlet-mapping>
3. How to turn on client request log in tomcat side?
Thanks
Jimmy
-----Original Message-----
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 12:07 PM
To: 'Tomcat Users List'
Subject: RE: HTTP PUT - HOW TO CONFIG?
The problem is that the default servlet is handling the request(s)
unless
you have some other servlet do it. By default, the doPut() will check to
see
if the readonly property has been changed to false. If it has not,
default
behavior, it will return the forbidden error. If you change this to
false,
then you loose control of security and anything sent via a PUT will be
allowed. You may want this but it also leaves you open to easy attacks.
If you are sure you want to do this, try adding the following to the
default
servlet's configuration in the web.xml file. Where this is could vary
based
on the version of Tomcat you are running.
<init-param>
<param-name>readonly</param-name>
<param-value>false</param-value>
</init-param>
Most would prefer not to do this and would prefer to either write a
filter
or servlet to track the PUTs and have something to protect your system.
You will not see anything in a log file because the default servlet does
not
write anything to the logs when it refuses the request.
For Tomcat 5.0 the document to read on what the default servlet does and
doesn't do would be found here.
http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html
Robert S. Harper
Senior Engineer
Information Access Technology, Inc.
1100 East 6600 South, Suite 300
Salt Lake City Utah USA 84121-7411
(801)265-8800 Ext. 255
FAX (801)265-8880
-----Original Message-----
From: Zhan, Jimmy [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 10:48 AM
To: Tomcat Users List
Subject: RE: HTTP PUT - HOW TO CONFIG?
Hi,
I got some progress.
I used a Python program to send a HTTP PUT request to my tomcat
server.
The Python allow my pick any local file to upload to tomcat server
box.
And I got response back from tomcat with error code 403(Forbidden).
I'm thing, tomcat can handler the HTTP PUT, but need do something
about
config. Hope someone can help out of this config crabe.
I have the client side log to look at, but I don't see any log in
tomcat server side. Could anyone tell me how to turn on tomcat
tracing log? I have 8 default log files there, but none tracing this
test.
They are:
admin.2007-01-26.log,
catalina.2007-01-26.log,
host-manager.2007-01-26.log,
jakarta_service_20070126.log,
locahost.2007-01-26.log,
manager.2007-01-26.log,
stderr_20070126.log,
stdout_20070126.log.
Here is my test client side tracing:
----------------------------------------------------------------------
<<Command line command>>
C:\Python25>Python QuickPut.py -v C:\Python25\put.txt
http://localhost:8080/incomming/put_test1.txt myUserID myPasswd
<<Tracing>>:
Sending HEAD request to: http://localhost:8080/incomming/put_test1.txt
Auth: {'uname': 'myUserID', 'pswd': 'myPasswd'}
HEAD response code: 404
Response headers: Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1024
Date: Fri, 26 Jan 2007 16:49:26 GMT
Connection: keep-alive
HEAD response code: 404
Response headers: Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1024
Date: Fri, 26 Jan 2007 16:49:26 GMT
Connection: keep-alive
PUTing to: http://localhost:8080/incomming/put_test1.txt
Data: Content-Length: 29, Snippet: "This is a HTTP PUT test file."
Getting reply...
Got reply
Done: 403: Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 964
Date: Fri, 26 Jan 2007 16:49:26 GMT
Connection: keep-alive
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
