RE: A follow-up of my last post
Only if the Invoker is enabled, which it isn't by default.
John
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 5:59 PM
To: Tomcat Users List
Subject: RE: A follow-up of my last post
Thanks, Vim.
I read that page.
However, the web.xml you pasted here says
You may define any number of servlet mappings,
including zero.It is also legal to define more than
one mapping for the same servlet, if you wish to.
That means it is not necessary to map each servlet I
have in my web application right?
--- vim m [EMAIL PROTECTED] wrote:
Take a look at this web page.
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html
There is a sample web.xml file given here. You will
do
well do read that. In the web.xml file it does state
that servlets can be called without making an entry
in
the web.xml file by using -
http://host/context-path/servlet/classname.
But I have not tried it so far. The doc also says
that
this method is not portable. Have pasted the web.xml
file below:
?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
web-app
!-- General description of your web application
--
display-nameMy Web Application/display-name
description
This is version X.X of an application to
perform
a wild and wonderful task, based on servlets
and
JSP pages. It was written by Dave Developer
([EMAIL PROTECTED]), who should be contacted
for
more information.
/description
!-- Context initialization parameters that
define
shared
String constants used within your
application, which
can be customized by the system
administrator
who is
installing your application. The values
actually
assigned to these parameters can be
retrieved
in a
servlet or JSP page by calling:
String value =
getServletContext().getInitParameter(name);
where name matches the param-name
element
of
one of these initialization parameters.
You can define any number of context
initialization
parameters, including zero.
--
context-param
param-namewebmaster/param-name
param-value[EMAIL PROTECTED]/param-value
description
The EMAIL address of the administrator to
whom
questions
and comments about this application should
be
addressed.
/description
/context-param
!-- Servlet definitions for the servlets that
make up
your web application, including
initialization
parameters. With Tomcat, you can also send
requests
to servlets not listed here with a request
like this:
http://localhost:8080/{context-path}/servlet/{classname}
but this usage is not guaranteed to be
portable. It also
makes relative references to images and
other
resources
required by your servlet more complicated,
so
defining
all of your servlets (and defining a
mapping
to them with
a servlet-mapping element) is recommended.
Servlet initialization parameters can be
retrieved in a
servlet or JSP page by calling:
String value =
getServletConfig().getInitParameter(name);
where name matches the param-name
element
of
one of these initialization parameters.
You can define any number of servlets,
including zero.
--
servlet
servlet-namecontroller/servlet-name
description
This servlet plays the controller role in
the MVC architecture
used in this application. It is generally
mapped to the .do
filename extension with a servlet-mapping
element, and all form
submits in the app will be submitted to a
request URI like
saveCustomer.do, which will therefore be
mapped to this servlet.
The initialization parameter namess for this
servlet are the
servlet path that will be received by this
servlet (after the
filename extension is removed). The
corresponding value is the
name of the action class that will be used
to
process this request.
/description
servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class
init-param
param-namelistOrders/param-name
param-valuecom.mycompany.myactions.ListOrdersAction/param-value
/init-param
init-param
param-namesaveCustomer/param-name
param-valuecom.mycompany.myactions.SaveCustomerAction/param-value
/init-param
!-- Load this servlet at server startup time
--
load-on-startup5/load-on-startup
/servlet
servlet
servlet-namegraph/servlet-name
description
RE: A follow-up of my last post
Correct. Search the archives for more info, or the BUGTRAQ database. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED
RE: A follow-up of my last post
Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] === message truncated
RE: A follow-up of my last post
What if I am the server administrator? In fact I am. Then I'll risk leaving a grave security hole, right? But anyway, I would like to learn servlet mapping. Where do we have some documents about servlet mapping? Suppose the invoker is disable, you said that have to map each and every servlet I have for my web application, right? Mark --- Turner, John [EMAIL PROTECTED] wrote: Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail
RE: A follow-up of my last post
Depends on your definition of grave, I guess. It was important enough that it was changed and included in future releases. Yes, if the Invoker servlet is disabled, you have to map your servlet in web.xml. For information, check $CATALINA_HOME/conf/web.xml, or check the archives, this is a FAQ. You'll need a servlet tag and a servlet-mapping tag for every servlet in your application if you choose not to use the Invoker servlet. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 12:30 PM To: Tomcat Users List Subject: RE: A follow-up of my last post What if I am the server administrator? In fact I am. Then I'll risk leaving a grave security hole, right? But anyway, I would like to learn servlet mapping. Where do we have some documents about servlet mapping? Suppose the invoker is disable, you said that have to map each and every servlet I have for my web application, right? Mark --- Turner, John [EMAIL PROTECTED] wrote: Not only is it not safe, it's not portable. If your webapp counts on this, but then is deployed to a machine you don't control, there is a 99.99% chance that server admin has the Invoker disabled and won't enable it. Then what will you do? Mapping your servlet in web.xml will work all the time, everywhere. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:29 PM To: Tomcat Users List Subject: RE: A follow-up of my last post I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional
RE: A follow-up of my last post
OK, thanks, I'll just try to follow the examples
applications' web.xml and give it a shot.
Mark
--- Turner, John [EMAIL PROTECTED] wrote:
Depends on your definition of grave, I guess. It
was important enough
that it was changed and included in future releases.
Yes, if the Invoker servlet is disabled, you have to
map your servlet in
web.xml.
For information, check $CATALINA_HOME/conf/web.xml,
or check the archives,
this is a FAQ. You'll need a servlet tag and a
servlet-mapping tag for
every servlet in your application if you choose not
to use the Invoker
servlet.
John
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 26, 2003 12:30 PM
To: Tomcat Users List
Subject: RE: A follow-up of my last post
What if I am the server administrator? In fact I
am.
Then I'll risk leaving a grave security hole, right?
But anyway, I would like to learn servlet mapping.
Where do we have some documents about servlet
mapping?
Suppose the invoker is disable, you said that have
to
map each and every servlet I have for my web
application, right?
Mark
--- Turner, John [EMAIL PROTECTED] wrote:
Not only is it not safe, it's not portable. If
your
webapp counts on this,
but then is deployed to a machine you don't
control,
there is a 99.99%
chance that server admin has the Invoker disabled
and won't enable it. Then
what will you do? Mapping your servlet in web.xml
will work all the time,
everywhere.
John
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 11:29 PM
To: Tomcat Users List
Subject: RE: A follow-up of my last post
I put the following segment of code in my x509
web.xml:
servlet-mapping
servlet-nameinvoker/servlet-name
url-pattern/servlet/*/url-pattern
/servlet-mapping
And then it starts to work. But you said that
this
is
not safe, right?
--- Turner, John [EMAIL PROTECTED] wrote:
That's why it isn't working.
As I said, the Invoker servlet is disabled by
default in recent versions of
4.1.x due to security reasons. It is enabled in
the /examples
application.
You can:
1) map your servlet(s) in your application's
web.xml
file and leave the
Invoker servlet disabled
OR
2) leave your web.xml alone and enable the
Invoker
servlet.
If you choose #2, and you're going into
production,
you should understand
the security issues before you go live. If your
web application may
be deployed on a server that you don't control,
you
should choose #1, since
that will work all the time.
John
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 12:44 PM
To: Tomcat Users List
Subject: RE: A follow-up of my last post
Virtually, I don't have anything for my /x509
web.xml.
Here is my /x509 web.xml:
beginning of x509 web.xml *
?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
web-app
display-nameX509 Project/display-name
description
X509 Public Key Certificate Authentication
/description
/web-app
end of x509 web.xml *
I remember in earlier versions of Tomcat, any
web application should
work just fine with a primitive web.xml like so:
*** beginning of a primitive web.xml
?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
web-app
/web-app
*** end of a primitive web.xml
Is the servlet mapping a new Tomcat rule? Is
there
any way I can have my web application work
without
mapping each servlet?
Thanks.
Mark
--- Turner, John [EMAIL PROTECTED] wrote:
Do you have a mapping for the servlet(s) in
your
application's web.xml
file?
The Invoker servlet is disabled by default in
recent
versions of 4.1.x for
security reasons, but it is enabled in the
/examples
web.xml.
John
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 3:09 AM
To: [EMAIL PROTECTED]
Subject: A follow-up of my last post
Also please note that I have changed Marty
Hall's
ServletUtilities.java and ShowParameters.java
according my system.
=== message truncated ===
__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional
RE: A follow-up of my last post
Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: A follow-up of my last post
Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: A follow-up of my last post
Take a look at this web page.
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html
There is a sample web.xml file given here. You will do
well do read that. In the web.xml file it does state
that servlets can be called without making an entry in
the web.xml file by using -
http://host/context-path/servlet/classname.
But I have not tried it so far. The doc also says that
this method is not portable. Have pasted the web.xml
file below:
?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
web-app
!-- General description of your web application
--
display-nameMy Web Application/display-name
description
This is version X.X of an application to perform
a wild and wonderful task, based on servlets and
JSP pages. It was written by Dave Developer
([EMAIL PROTECTED]), who should be contacted
for
more information.
/description
!-- Context initialization parameters that define
shared
String constants used within your
application, which
can be customized by the system administrator
who is
installing your application. The values
actually
assigned to these parameters can be retrieved
in a
servlet or JSP page by calling:
String value =
getServletContext().getInitParameter(name);
where name matches the param-name element
of
one of these initialization parameters.
You can define any number of context
initialization
parameters, including zero.
--
context-param
param-namewebmaster/param-name
param-value[EMAIL PROTECTED]/param-value
description
The EMAIL address of the administrator to whom
questions
and comments about this application should be
addressed.
/description
/context-param
!-- Servlet definitions for the servlets that
make up
your web application, including
initialization
parameters. With Tomcat, you can also send
requests
to servlets not listed here with a request
like this:
http://localhost:8080/{context-path}/servlet/{classname}
but this usage is not guaranteed to be
portable. It also
makes relative references to images and other
resources
required by your servlet more complicated, so
defining
all of your servlets (and defining a mapping
to them with
a servlet-mapping element) is recommended.
Servlet initialization parameters can be
retrieved in a
servlet or JSP page by calling:
String value =
getServletConfig().getInitParameter(name);
where name matches the param-name element
of
one of these initialization parameters.
You can define any number of servlets,
including zero.
--
servlet
servlet-namecontroller/servlet-name
description
This servlet plays the controller role in
the MVC architecture
used in this application. It is generally
mapped to the .do
filename extension with a servlet-mapping
element, and all form
submits in the app will be submitted to a
request URI like
saveCustomer.do, which will therefore be
mapped to this servlet.
The initialization parameter namess for this
servlet are the
servlet path that will be received by this
servlet (after the
filename extension is removed). The
corresponding value is the
name of the action class that will be used to
process this request.
/description
servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class
init-param
param-namelistOrders/param-name
param-valuecom.mycompany.myactions.ListOrdersAction/param-value
/init-param
init-param
param-namesaveCustomer/param-name
param-valuecom.mycompany.myactions.SaveCustomerAction/param-value
/init-param
!-- Load this servlet at server startup time
--
load-on-startup5/load-on-startup
/servlet
servlet
servlet-namegraph/servlet-name
description
This servlet produces GIF images that are
dynamically generated
graphs, based on the input parameters included
on the request.
It is generally mapped to a specific request
URI like /graph.
/description
/servlet
!-- Define mappings that are used by the servlet
container to
translate a particular request URI
(context-relative) to a
particular servlet. The examples below
correspond to the
servlet descriptions above. Thus, a request
URI like:
http://localhost:8080/{contextpath}/graph
will be mapped to the graph servlet, while
a request like:
http://localhost:8080/{contextpath}/saveCustomer.do
will be mapped to the controller servlet.
You may
RE: A follow-up of my last post
That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: A follow-up of my last post
Thanks, Vim.
I read that page.
However, the web.xml you pasted here says
You may define any number of servlet mappings,
including zero.It is also legal to define more than
one mapping for the same servlet, if you wish to.
That means it is not necessary to map each servlet I
have in my web application right?
--- vim m [EMAIL PROTECTED] wrote:
Take a look at this web page.
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html
There is a sample web.xml file given here. You will
do
well do read that. In the web.xml file it does state
that servlets can be called without making an entry
in
the web.xml file by using -
http://host/context-path/servlet/classname.
But I have not tried it so far. The doc also says
that
this method is not portable. Have pasted the web.xml
file below:
?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
web-app
!-- General description of your web application
--
display-nameMy Web Application/display-name
description
This is version X.X of an application to
perform
a wild and wonderful task, based on servlets
and
JSP pages. It was written by Dave Developer
([EMAIL PROTECTED]), who should be contacted
for
more information.
/description
!-- Context initialization parameters that
define
shared
String constants used within your
application, which
can be customized by the system
administrator
who is
installing your application. The values
actually
assigned to these parameters can be
retrieved
in a
servlet or JSP page by calling:
String value =
getServletContext().getInitParameter(name);
where name matches the param-name
element
of
one of these initialization parameters.
You can define any number of context
initialization
parameters, including zero.
--
context-param
param-namewebmaster/param-name
param-value[EMAIL PROTECTED]/param-value
description
The EMAIL address of the administrator to
whom
questions
and comments about this application should
be
addressed.
/description
/context-param
!-- Servlet definitions for the servlets that
make up
your web application, including
initialization
parameters. With Tomcat, you can also send
requests
to servlets not listed here with a request
like this:
http://localhost:8080/{context-path}/servlet/{classname}
but this usage is not guaranteed to be
portable. It also
makes relative references to images and
other
resources
required by your servlet more complicated,
so
defining
all of your servlets (and defining a
mapping
to them with
a servlet-mapping element) is recommended.
Servlet initialization parameters can be
retrieved in a
servlet or JSP page by calling:
String value =
getServletConfig().getInitParameter(name);
where name matches the param-name
element
of
one of these initialization parameters.
You can define any number of servlets,
including zero.
--
servlet
servlet-namecontroller/servlet-name
description
This servlet plays the controller role in
the MVC architecture
used in this application. It is generally
mapped to the .do
filename extension with a servlet-mapping
element, and all form
submits in the app will be submitted to a
request URI like
saveCustomer.do, which will therefore be
mapped to this servlet.
The initialization parameter namess for this
servlet are the
servlet path that will be received by this
servlet (after the
filename extension is removed). The
corresponding value is the
name of the action class that will be used
to
process this request.
/description
servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class
init-param
param-namelistOrders/param-name
param-valuecom.mycompany.myactions.ListOrdersAction/param-value
/init-param
init-param
param-namesaveCustomer/param-name
param-valuecom.mycompany.myactions.SaveCustomerAction/param-value
/init-param
!-- Load this servlet at server startup time
--
load-on-startup5/load-on-startup
/servlet
servlet
servlet-namegraph/servlet-name
description
This servlet produces GIF images that are
dynamically generated
graphs, based on the input parameters
included
on the request.
It is generally mapped to a specific request
URI like /graph.
/description
RE: A follow-up of my last post
I put the following segment of code in my x509 web.xml: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping And then it starts to work. But you said that this is not safe, right? --- Turner, John [EMAIL PROTECTED] wrote: That's why it isn't working. As I said, the Invoker servlet is disabled by default in recent versions of 4.1.x due to security reasons. It is enabled in the /examples application. You can: 1) map your servlet(s) in your application's web.xml file and leave the Invoker servlet disabled OR 2) leave your web.xml alone and enable the Invoker servlet. If you choose #2, and you're going into production, you should understand the security issues before you go live. If your web application may be deployed on a server that you don't control, you should choose #1, since that will work all the time. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 12:44 PM To: Tomcat Users List Subject: RE: A follow-up of my last post Virtually, I don't have anything for my /x509 web.xml. Here is my /x509 web.xml: beginning of x509 web.xml * ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameX509 Project/display-name description X509 Public Key Certificate Authentication /description /web-app end of x509 web.xml * I remember in earlier versions of Tomcat, any web application should work just fine with a primitive web.xml like so: *** beginning of a primitive web.xml ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app /web-app *** end of a primitive web.xml Is the servlet mapping a new Tomcat rule? Is there any way I can have my web application work without mapping each servlet? Thanks. Mark --- Turner, John [EMAIL PROTECTED] wrote: Do you have a mapping for the servlet(s) in your application's web.xml file? The Invoker servlet is disabled by default in recent versions of 4.1.x for security reasons, but it is enabled in the /examples web.xml. John -Original Message- From: Mark Liu [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 3:09 AM To: [EMAIL PROTECTED] Subject: A follow-up of my last post Also please note that I have changed Marty Hall's ServletUtilities.java and ShowParameters.java according my system. For example, I commented out the package line. Any way, as I said in the last post, the servlet works great if I put it under Tomcat's examples application. It just does not work under my newly-created x509 application. I don't understand this. Please kindly help. Thanks. Mark. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] === message truncated === __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
