RE: A follow-up of my last post
Only if the Invoker is enabled, which it isn't by default. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 5:59 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Thanks, Vim. I read that page. However, the web.xml you pasted here says You may define any number of servlet mappings, including zero.It is also legal to define more than one mapping for the same servlet, if you wish to. That means it is not necessary to map each servlet I have in my web application right? --- vim m [EMAIL PROTECTED] wrote: Take a look at this web page. http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html There is a sample web.xml file given here. You will do well do read that. In the web.xml file it does state that servlets can be called without making an entry in the web.xml file by using - http://host/context-path/servlet/classname. But I have not tried it so far. The doc also says that this method is not portable. Have pasted the web.xml file below: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app !-- General description of your web application -- display-nameMy Web Application/display-name description This is version X.X of an application to perform a wild and wonderful task, based on servlets and JSP pages. It was written by Dave Developer ([EMAIL PROTECTED]), who should be contacted for more information. /description !-- Context initialization parameters that define shared String constants used within your application, which can be customized by the system administrator who is installing your application. The values actually assigned to these parameters can be retrieved in a servlet or JSP page by calling: String value = getServletContext().getInitParameter(name); where name matches the param-name element of one of these initialization parameters. You can define any number of context initialization parameters, including zero. -- context-param param-namewebmaster/param-name param-value[EMAIL PROTECTED]/param-value description The EMAIL address of the administrator to whom questions and comments about this application should be addressed. /description /context-param !-- Servlet definitions for the servlets that make up your web application, including initialization parameters. With Tomcat, you can also send requests to servlets not listed here with a request like this: http://localhost:8080/{context-path}/servlet/{classname} but this usage is not guaranteed to be portable. It also makes relative references to images and other resources required by your servlet more complicated, so defining all of your servlets (and defining a mapping to them with a servlet-mapping element) is recommended. Servlet initialization parameters can be retrieved in a servlet or JSP page by calling: String value = getServletConfig().getInitParameter(name); where name matches the param-name element of one of these initialization parameters. You can define any number of servlets, including zero. -- servlet servlet-namecontroller/servlet-name description This servlet plays the controller role in the MVC architecture used in this application. It is generally mapped to the .do filename extension with a servlet-mapping element, and all form submits in the app will be submitted to a request URI like saveCustomer.do, which will therefore be mapped to this servlet. The initialization parameter namess for this servlet are the servlet path that will be received by this servlet (after the filename extension is removed). The corresponding value is the name of the action class that will be used to process this request. /description servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class init-param param-namelistOrders/param-name param-valuecom.mycompany.myactions.ListOrdersAction/param-value /init-param init-param param-namesaveCustomer/param-name param-valuecom.mycompany.myactions.SaveCustomerAction/param-value /init-param !-- Load this servlet at server startup time -- load-on-startup5/load-on-startup /servlet servlet servlet-namegraph/servlet-name description
RE: A follow-up of my last post
Correct. Search the archives for more info, or the BUGTRAQ database. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED
RE: A follow-up of my last post
Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] === message truncated
RE: A follow-up of my last post
What if I am the server administrator? In fact I am. Then I'll risk leaving a grave security hole, right? But anyway, I would like to learn servlet mapping. Where do we have some documents about servlet mapping? Suppose the invoker is disable, you said that have to map each and every servlet I have for my web application, right? Mark --- Turner, John [EMAIL PROTECTED] wrote: Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail
RE: A follow-up of my last post
Depends on your definition of grave, I guess. It was important enough that it was changed and included in future releases. Yes, if the Invoker servlet is disabled, you have to map your servlet in web.xml. For information, check $CATALINA_HOME/conf/web.xml, or check the archives, this is a FAQ. You'll need a servlet tag and a servlet-mapping tag for every servlet in your application if you choose not to use the Invoker servlet. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 12:30 PM To: Tomcat Users List Subject: RE: A follow-up of my last post What if I am the server administrator? In fact I am. Then I'll risk leaving a grave security hole, right? But anyway, I would like to learn servlet mapping. Where do we have some documents about servlet mapping? Suppose the invoker is disable, you said that have to map each and every servlet I have for my web application, right? Mark --- Turner, John [EMAIL PROTECTED] wrote: Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional
RE: A follow-up of my last post
OK, thanks, I'll just try to follow the examples applications' web.xml and give it a shot. Mark --- Turner, John [EMAIL PROTECTED] wrote: Depends on your definition of grave, I guess. It was important enough that it was changed and included in future releases. Yes, if the Invoker servlet is disabled, you have to map your servlet in web.xml. For information, check $CATALINA_HOME/conf/web.xml, or check the archives, this is a FAQ. You'll need a servlet tag and a servlet-mapping tag for every servlet in your application if you choose not to use the Invoker servlet. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 12:30 PM To: Tomcat Users List Subject: RE: A follow-up of my last post What if I am the server administrator? In fact I am. Then I'll risk leaving a grave security hole, right? But anyway, I would like to learn servlet mapping. Where do we have some documents about servlet mapping? Suppose the invoker is disable, you said that have to map each and every servlet I have for my web application, right? Mark --- Turner, John [EMAIL PROTECTED] wrote: Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional
RE: A follow-up of my last post
Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: A follow-up of my last post
Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: A follow-up of my last post
Take a look at this web page. http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html There is a sample web.xml file given here. You will do well do read that. In the web.xml file it does state that servlets can be called without making an entry in the web.xml file by using - http://host/context-path/servlet/classname. But I have not tried it so far. The doc also says that this method is not portable. Have pasted the web.xml file below: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app !-- General description of your web application -- display-nameMy Web Application/display-name description This is version X.X of an application to perform a wild and wonderful task, based on servlets and JSP pages. It was written by Dave Developer ([EMAIL PROTECTED]), who should be contacted for more information. /description !-- Context initialization parameters that define shared String constants used within your application, which can be customized by the system administrator who is installing your application. The values actually assigned to these parameters can be retrieved in a servlet or JSP page by calling: String value = getServletContext().getInitParameter(name); where name matches the param-name element of one of these initialization parameters. You can define any number of context initialization parameters, including zero. -- context-param param-namewebmaster/param-name param-value[EMAIL PROTECTED]/param-value description The EMAIL address of the administrator to whom questions and comments about this application should be addressed. /description /context-param !-- Servlet definitions for the servlets that make up your web application, including initialization parameters. With Tomcat, you can also send requests to servlets not listed here with a request like this: http://localhost:8080/{context-path}/servlet/{classname} but this usage is not guaranteed to be portable. It also makes relative references to images and other resources required by your servlet more complicated, so defining all of your servlets (and defining a mapping to them with a servlet-mapping element) is recommended. Servlet initialization parameters can be retrieved in a servlet or JSP page by calling: String value = getServletConfig().getInitParameter(name); where name matches the param-name element of one of these initialization parameters. You can define any number of servlets, including zero. -- servlet servlet-namecontroller/servlet-name description This servlet plays the controller role in the MVC architecture used in this application. It is generally mapped to the .do filename extension with a servlet-mapping element, and all form submits in the app will be submitted to a request URI like saveCustomer.do, which will therefore be mapped to this servlet. The initialization parameter namess for this servlet are the servlet path that will be received by this servlet (after the filename extension is removed). The corresponding value is the name of the action class that will be used to process this request. /description servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class init-param param-namelistOrders/param-name param-valuecom.mycompany.myactions.ListOrdersAction/param-value /init-param init-param param-namesaveCustomer/param-name param-valuecom.mycompany.myactions.SaveCustomerAction/param-value /init-param !-- Load this servlet at server startup time -- load-on-startup5/load-on-startup /servlet servlet servlet-namegraph/servlet-name description This servlet produces GIF images that are dynamically generated graphs, based on the input parameters included on the request. It is generally mapped to a specific request URI like /graph. /description /servlet !-- Define mappings that are used by the servlet container to translate a particular request URI (context-relative) to a particular servlet. The examples below correspond to the servlet descriptions above. Thus, a request URI like: http://localhost:8080/{contextpath}/graph will be mapped to the graph servlet, while a request like: http://localhost:8080/{contextpath}/saveCustomer.do will be mapped to the controller servlet. You may
RE: A follow-up of my last post
That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: A follow-up of my last post
Thanks, Vim. I read that page. However, the web.xml you pasted here says You may define any number of servlet mappings, including zero.It is also legal to define more than one mapping for the same servlet, if you wish to. That means it is not necessary to map each servlet I have in my web application right? --- vim m [EMAIL PROTECTED] wrote: Take a look at this web page. http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html There is a sample web.xml file given here. You will do well do read that. In the web.xml file it does state that servlets can be called without making an entry in the web.xml file by using - http://host/context-path/servlet/classname. But I have not tried it so far. The doc also says that this method is not portable. Have pasted the web.xml file below: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app !-- General description of your web application -- display-nameMy Web Application/display-name description This is version X.X of an application to perform a wild and wonderful task, based on servlets and JSP pages. It was written by Dave Developer ([EMAIL PROTECTED]), who should be contacted for more information. /description !-- Context initialization parameters that define shared String constants used within your application, which can be customized by the system administrator who is installing your application. The values actually assigned to these parameters can be retrieved in a servlet or JSP page by calling: String value = getServletContext().getInitParameter(name); where name matches the param-name element of one of these initialization parameters. You can define any number of context initialization parameters, including zero. -- context-param param-namewebmaster/param-name param-value[EMAIL PROTECTED]/param-value description The EMAIL address of the administrator to whom questions and comments about this application should be addressed. /description /context-param !-- Servlet definitions for the servlets that make up your web application, including initialization parameters. With Tomcat, you can also send requests to servlets not listed here with a request like this: http://localhost:8080/{context-path}/servlet/{classname} but this usage is not guaranteed to be portable. It also makes relative references to images and other resources required by your servlet more complicated, so defining all of your servlets (and defining a mapping to them with a servlet-mapping element) is recommended. Servlet initialization parameters can be retrieved in a servlet or JSP page by calling: String value = getServletConfig().getInitParameter(name); where name matches the param-name element of one of these initialization parameters. You can define any number of servlets, including zero. -- servlet servlet-namecontroller/servlet-name description This servlet plays the controller role in the MVC architecture used in this application. It is generally mapped to the .do filename extension with a servlet-mapping element, and all form submits in the app will be submitted to a request URI like saveCustomer.do, which will therefore be mapped to this servlet. The initialization parameter namess for this servlet are the servlet path that will be received by this servlet (after the filename extension is removed). The corresponding value is the name of the action class that will be used to process this request. /description servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class init-param param-namelistOrders/param-name param-valuecom.mycompany.myactions.ListOrdersAction/param-value /init-param init-param param-namesaveCustomer/param-name param-valuecom.mycompany.myactions.SaveCustomerAction/param-value /init-param !-- Load this servlet at server startup time -- load-on-startup5/load-on-startup /servlet servlet servlet-namegraph/servlet-name description This servlet produces GIF images that are dynamically generated graphs, based on the input parameters included on the request. It is generally mapped to a specific request URI like /graph. /description
RE: A follow-up of my last post
I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]