Petr Hracek wrote:
Dear users,
I would like to asked you on the some thing regarding JSP pages.
On the Linux whereis installed apache 2.2.14 and tomcat 5.5.28
that's an old version of Tomcat. You should be using at least a 6.0.x version
by now.
I would
like to run
JSP pages.
JSP pages should be run over mod_proxy_ajp.
URL is:
http://<IP_address>/XYtest/jsp/Viewer/index.html
ProxyPass /XYtest/*.jsp ajp://localhost:8009/XYtest
ProxyPassReverse /XYtest/*.jsp ajp://localhost:8009/XYtest
JSP page is called from HTML (index.html) and FRAME src "view.jsp"
mentioned above.
but instead of showing JSP page HTML source code is shown.
Do you know what could be a reason?
in the Catalina configuration directory
(/etc/tomcat5/base/Catalina/localhost/XYtest.xml) is following context
file
test# cat /etc/tomcat/5/base/Catalina/locahost/XYtest.xml
<?xml version='1.0' encoding='utf-8'?>
<Context docBase="/opt/test/XYtest" allowLinking="true">
</Context>
test#
structure in Linux is:
/opt/test/XYtest/jsp/Viewer where are located files index.html and
view.jsp which is part of FRAME
As a general observation : it looks like you are trying to serve the same directory from
Apache httpd and from Tomcat. That is generally a quite bad idea in terms of security,
and also in terms of confusion, as you are experiencing here.
To understand what is happening, you must look at it from the browser point of
view.
Step 1 :
Your initial html document "index.html" is :
<frameset rows="63,40,*" frameborder="0">
<frame src="logo.html" name="logo" noresize scrolling="no"
marginwidth="0" marginheight="
0">
<frame src="View.jsp" name="toolbar" noresize scrolling="no"
marginwidth="0" marginhei
ght="0">
<frame src="View2.jsp" name="ctrl">
</frameset>
and the browser loads it from the URL :
http://<IP_address>/XYtest/jsp/Viewer/index.html
Step 2 :
In this document, the browser finds a reference to another document :
<frame src="View.jsp" ..>
The browser interprets that relative URL on the base of the origin of the current page,
and then it asks the server for that document.
So the browser requests the document (the inside frame) from the URL :
http://<IP_address>/XYtest/jsp/Viewer/View.jsp
Step 3 :
The Apache httpd server receives the request for
http://<IP_address>/XYtest/jsp/Viewer/View.jsp
and it tries to match it with your proxy statement :
ProxyPass /XYtest/*.jsp ajp://localhost:8009/XYtest
It does not match (see below), so Apache httpd serves it itself, directly from
disk.
That is why you see the source : Tomcat never sees this request, and Apache has no idea
that a ".jsp" file is anything else than text.
Now why does it not match ?
Because the ProxyPass directive does not understand wildcards or regexp.
For that, you should us "ProxyPassMatch", for example like this :
ProxyPassMatch "/XYtest/.*\.jsp$" ajp://localhost:8009/XYtest
But it is still a bad idea.
Why ?
Suppose that in the directory /opt/test/XYtest, there is a sub-directory named "WEB-INF",
and in that directory is a file "web.xml".
This file is a configuration file for your Tomcat web application, and it may contain
things like passwords for accessing a database for example.
For that reason (security), Tomcat /never/ allows a user to request a document within the
WEB-INF sub-directory of a web application.
But with your setup, anyone can ask for the URL :
http://<IP_address>/XYtest/WEB-INF/web.xml
and Apache httpd will happily return that file (also as a text file).
So, with you setup, you are bypassing an important security feature of Tomcat, because you
are allowing Apache httpd to go "around it".
There are different possibilities to fix your configuration.
The first one would be to do this in Apache :
ProxyPass /XYtest ajp://localhost:8009/XYtest
and NOT define the directory /opt/test/XYtest in any way in Apache.
That way, any request for a URL starting will /XYtest will be forwarded directly to
Tomcat, and Tomcat will happily serve html pages (like index.html) as well as Apache.
And it knows how to handle jsp pages too.
Now, if all you want to do is serve html pages and jsp pages, you could also wonder if you
need Apache httpd and mod_prox_ajp at all. You could set Tomcat to answer directly on port
80, get rid of Apache httpd, and simplify your configuration.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
