Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joshua,
On 3/9/2010 4:50 PM, Joshua Gregoire wrote:
<META HTTP-EQUIV="REFRESH"
CONTENT="0;URL=http://r18test2.kcc.edu/WebAdvisor2/WebAdvisor2";>
That looks fine. I hadn't seen that you already posted this in another
reply before I wrote mine. Sorry to duplicate effort.
The WebAdvisor2 app does do something behind the scenes once tomcat has it and
the url ends up
http://10.10.11.90:8080/WebAdvisor2/WebAdvisor2?TYPE=M&PID=CORE-WBMAIN&TOKENIDX=2044948188
It looks like WebAdvisor2 is trying to build its own redirect URL and
getting it all wrong. I would recommend contacting the authors of that
product to see what you'll have to do to get this to work properly.
That may also be part of the problem. I did not think of that, because
I thought that this webapp was "home-made", so that Joshua would know if
it did anything like that.
The URL also leads me to another doubt : it seems a bit strange to need
a "repeat" /WebAdvisor2/WebAdvisor2 in these URLs. Are you sure that
the application is in the right place under Tomcat ?
Also, I checked the IIS installation and configuration instructions for
isapi_redirect,
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
and I will confirm the following :
- the only "virtual directory" that should be necessary is the "jakarta"
one.
- the "mappings" that determine which URI's will cause IIS to redirect a
request through the isapi_redirector to Tomcat, are defined in the file
"uriworkermap.properties". There should be two lines in there like
/WebAdvisor2=worker1
/WebAdvisor2/*=worker1
(replace worker1 by whatever your Tomcat worker is named in
workers.properties)
Next, I will differ somewhat from the instructions as given in the page
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
If you add a second "virtual directory" to IIS, named "WebAdvisor2", and
map it to the disk directory where the files of the Tomcat webapp
"WebAdvisor2" reside, what you are doing is giving IIS direct access to
that disk directory. That means that, in the absence of a very careful
configuration of IIS, you are allowing IIS to bypass any security
precautions of Tomcat, and go get (and return to the user) some files
that should be accessible (or not) only through Tomcat and your webapp.
For example, the file "web.xml" of that webapp (normally located under
tomcat_dir/webapps/WebAdvisor2/WEB-INF) may contain setup parameters of
the webapp which you do not want a user to see (like passwords).
That is why Tomcat itself, will never allow a user to request any file
which resides in the WEB-INF subdirectory.
But by creating that second virtual directory under IIS, you could allow
a user to request the URI "/WebAdvisor2/WEB-INF/web.xml" and obtain the
content of that file in his browser, directly from IIS (Tomcat would
never know).
This is not a good idea in general.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
