Re: learning tomcat 7 on Linux
I agree with Olaf. My courses are for Tomcat 9. I would upgrade to 9. My course shows you in detail how to install 9 on Linux (although I use LinuxMint its all done with the bash shell so its should work just as as well on CentOSO) On Wed, Apr 8, 2020 at 11:50 AM Olaf Kock wrote: > > On 08.04.20 14:55, Andy Sloane wrote: > > Hi, > > I have set up a Linux CentOS 7 host, and have installed Tomcat 7... > > > > ... > > I would like to learn how to develop webapps. > > > I see no particular reason to start with Tomcat 7. Most of the code that > you will learn will be version independent, and the End of Life for > Tomcat 7 is already set to March 2021. I'd recommend to go with Tomcat > 9. Installation - especially for development purposes - will be trivial > and is easier for development anyway. > > I'm assuming you're running the old version, because that's what the > CenOS repositories hold. For development: No need to do this. > > I don't know Richard's course, but I assume that he'll talk about a > development environment and installing a new dev environment as well: > Use that, rather than whatever comes with CentOS. Access permissions on > the files of a development server are far simpler than on fully > public-server-enabled installs. > > Olaf > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/
Re: learning tomcat 7 on Linux
Hi, A bit of self-promotion here. I just released a course, "Tomcat for Java Development" less than two weeks ago which includes coverage of Tomcat on Linux. I'm also releasing - later this week - a complementary course, "Java Application Development with Tomcat". The first course teaches how to install, configure, troubleshoot, and secure Tomcat. The second course focuses on the development of web applications using servlets and JSPs on Tomcat. Both are introductory level courses but they are very current and I think pretty good. They are also pretty short - less than 2 hours each. You can find "Tomcat for Java Development" on Pluralsight.com today and "Java Application Development with Tomcat" later in the week. Good luck! Richard On Wed, Apr 8, 2020 at 7:56 AM Andy Sloane wrote: > Hi, > I have set up a Linux CentOS 7 host, and have installed Tomcat 7... > > [root@db3 ROOT]# /sbin/tomcat version > Server version: Apache Tomcat/7.0.76 > Server built: Mar 17 2020 23:48:55 UTC > Server number: 7.0.76.0 > OS Name:Linux > OS Version: 3.10.0-1062.12.1.el7.x86_64 > Architecture: amd64 > JVM Version:1.8.0_242-b08 > JVM Vendor: Oracle Corporation > > I would like to learn how to develop webapps. > > This is just for a hobby - I'll never sell anything I write, and will never > be a dev. I currently work doing UNIXy stuff for a big US multinational. > This is just a thing on the side, like learning to play guitar. Can > someone please suggest some resources? > > Many thanks. > -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/
Re: Role/Path Based Access Valve?
Thanks, Chris. As I said it was hypothetical but I appreciate the help! On Tue, Mar 3, 2020 at 2:42 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Richard, > > On 3/3/20 09:14, Richard Monson-Haefel wrote: > > Thank you for your reply, Chris. > > > > I think I know where you are coming from when you say: > > > > "Why would you override the authorization decisions made by the > > application developers? > > > > To be transparent: I'm a developer not an operations person nor do > > I work for a large company so my use-case is hypothetical rather > > than actual." > > > > But that assumes that you are running a dev-ops shop where the > > developers also control all the operations and are responsible for > > cybersecurity. This scenario works fine in small companies where > > dev-ops is the SOP, but in larger organizations, it's not really > > feasible. It's been my experience that IT departments separate > > security responsibilities from development responsibilities. They > > cooperate, but the security folks are the ultimate gatekeepers for > > encryption, authentication, and authorization. This is done for > > the same reason that larger organizations - with big IT departments > > - separate the role of managing the database from developers who > > use it. > > So like slide 1 of this presentation? > > https://tomcat.apache.org/presentations.html#latest-locking-down-tomcat > > If the people responsible for security can't tell the developers to > fix something in the application, then there are much bigger problems > than the isolation of sec and dev. > > > If I'm ACME Bank and I have a slew of contractors working on an > > application that will manage the client's finances I do not want > > the contractors to decide what security privileges users should > > have - that's the role of operations or management or if hosting > > the client. > This is what requirements-gathering exercises are all about. If you > are a small devops shop, then it's all one thing. If you are a huge > corporation, requirements-gathering is the world's most excruciating > stage, because you can't do anything until ALL the requirements are > laid out in insane detail. Security requirements go into this process. > > So I understand that sometimes, band-aids need to be put into place. > But what you are asking for is a tourniquet. The band-aid is to > hand-edit the web.xml file and fix the roles. Anything else should be > so painful that you are forced to, ya know, TALK to your development tea > m. > > - -chris > > > On Tue, Mar 3, 2020 at 7:51 AM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Richard, > > > > On 3/3/20 08:26, Richard Monson-Haefel wrote: > >>>> Thank you, Mark. I was actually aware of how to do it using > >>>> the web.xml. > >>>> > >>>> I was looking for a valve that could do the same thing, and > >>>> here is the reason: > >>>> > >>>> If I, as the Tomcat admin, want to manage access permissions > >>>> (authorization) I can use the /tomcat/conf/web.xml file. > >>>> However, this file is overridden by matching elements in an > >>>> individual WAR. > > > > This will never work. If conf/web.xml is even allowed to set > > (and I'm not sure either way), they would be > > relative to every web application and not relative to the server's > > root. IT would be very difficult to manage this in the way you > > describe. > > > >>>> So If I say on the tomcat web.xml that only Bill and Ted have > >>>> access to path A, but an individual WAR's web.xml says that > >>>> Everyone has access to Path A, then the WAR web.xml wins, > >>>> right? > > > > Yes. (Bogus!) > > > >>>> If I use a valve I can short-circuit the process before it > >>>> even gets to the web application. In that way, no matter > >>>> what the developers put into the WAR I have multiple control > >>>> from Tomcat. Make sense? > > > > That does makes sense, but please help us understand the use-case. > > Why would you override the authorization decisions made by the > > application's developers? > > > > I'm not sure if you can do this at the "Server level", but you can > > use url-rewrite[1] to reject URLs
Re: Role/Path Based Access Valve?
Ok. That makes sense. Thanks again, Mark. On Tue, Mar 3, 2020 at 8:18 AM Mark Thomas wrote: > On 03/03/2020 13:50, Christopher Schultz wrote: > > Richard, > > > > On 3/3/20 08:26, Richard Monson-Haefel wrote: > >> Thank you, Mark. I was actually aware of how to do it using the > >> web.xml. > > > >> I was looking for a valve that could do the same thing, and here is > >> the reason: > > > >> If I, as the Tomcat admin, want to manage access permissions > >> (authorization) I can use the /tomcat/conf/web.xml file. However, > >> this file is overridden by matching elements in an individual WAR. > > > > This will never work. If conf/web.xml is even allowed to set > > (and I'm not sure either way), they would be > > relative to every web application and not relative to the server's > > root. IT would be very difficult to manage this in the way you describe. > > +1 > > >> If I use a valve I can short-circuit the process before it even > >> gets to the web application. In that way, no matter what the > >> developers put into the WAR I have multiple control from Tomcat. > >> Make sense? > > > > That does makes sense, but please help us understand the use-case. Why > > would you override the authorization decisions made by the > > application's developers? > > > > I'm not sure if you can do this at the "Server level", but you can use > > url-rewrite[1] to reject URLs based upon the logged-in user's roles. > > Search the user's manual for "user-in-role". > > The real difficulty here is that you are fighting how Java EE (and now > Jakarta EE) are architected / designed / intended to be used. > > The expectation is that security constraints are defined using roles in > web.xml and then users are mapped to roles in the container. > > If is often the case the application defined roles don't map to the > organisation roles in the authentication system. The fix for > https://bz.apache.org/bugzilla/show_bug.cgi?id=55477 should help with > that but that is still in discussion (it has been quiet for a while). > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/
Re: Role/Path Based Access Valve?
Thank you for your reply, Chris. I think I know where you are coming from when you say: "Why would you override the authorization decisions made by the application developers? To be transparent: I'm a developer not an operations person nor do I work for a large company so my use-case is hypothetical rather than actual." But that assumes that you are running a dev-ops shop where the developers also control all the operations and are responsible for cybersecurity. This scenario works fine in small companies where dev-ops is the SOP, but in larger organizations, it's not really feasible. It's been my experience that IT departments separate security responsibilities from development responsibilities. They cooperate, but the security folks are the ultimate gatekeepers for encryption, authentication, and authorization. This is done for the same reason that larger organizations - with big IT departments - separate the role of managing the database from developers who use it. If I'm ACME Bank and I have a slew of contractors working on an application that will manage the client's finances I do not want the contractors to decide what security privileges users should have - that's the role of operations or management or if hosting the client. On Tue, Mar 3, 2020 at 7:51 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Richard, > > On 3/3/20 08:26, Richard Monson-Haefel wrote: > > Thank you, Mark. I was actually aware of how to do it using the > > web.xml. > > > > I was looking for a valve that could do the same thing, and here is > > the reason: > > > > If I, as the Tomcat admin, want to manage access permissions > > (authorization) I can use the /tomcat/conf/web.xml file. However, > > this file is overridden by matching elements in an individual WAR. > > This will never work. If conf/web.xml is even allowed to set > (and I'm not sure either way), they would be > relative to every web application and not relative to the server's > root. IT would be very difficult to manage this in the way you describe. > > > So If I say on the tomcat web.xml that only Bill and Ted have > > access to path A, but an individual WAR's web.xml says that > > Everyone has access to Path A, then the WAR web.xml wins, right? > > Yes. (Bogus!) > > > If I use a valve I can short-circuit the process before it even > > gets to the web application. In that way, no matter what the > > developers put into the WAR I have multiple control from Tomcat. > > Make sense? > > That does makes sense, but please help us understand the use-case. Why > would you override the authorization decisions made by the > application's developers? > > I'm not sure if you can do this at the "Server level", but you can use > url-rewrite[1] to reject URLs based upon the logged-in user's roles. > Search the user's manual for "user-in-role". > > - -chris > > [1] https://tuckey.org/urlrewrite/ > > On Tue, Mar 3, 2020 at 7:04 AM Mark Thomas > > wrote: > > > >> On 03/03/2020 12:27, Richard Monson-Haefel wrote: > >>> I've tried to find this but keep running into the three remote > >>> address valves (address, IP, and CIDR) what I'm looking for is > >>> an access valve > >> that > >>> uses roles from a realm that checks roles to either path or > >>> web > >> application > >>> identifiers - not remote address. This is classic > >>> authorization - role-based authorization. > >> > >> Servlet specification, version 4, section 13.2 & 13.8 in > >> particular. > >> > >> Mark > >> > >> - > >> > >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5eYMEACgkQHPApP6U8 > pFgR0RAApNme6FTo3wJ6GuJekpo4jMDFdavXtRR4f0yBJiHMve2iSzN9FELaJMp6 > 4rPgD0gNPA6BR/Sd4RSxJ2NcQ2zYiaboprJs3ub04LbruHcgrvPrcR8i/ZT7zm3R > TWvRQ47n2RkaVjvmdsZqGROQ6hSa6CHLgXSeWeDyBtjOnWNZIaXBdlpiyZlT8CAg > AT6PI6sehpx15KHEoSVxpS0zbHeLrkyIQqzKmyufZS4PMkROCQQr8Qr/SAmrpb67 > zF6Ulwq5wxhy5Zrp/wh2rUuBBm5TJEENR1RbeSuYFKP2Fb8pViUeNrtE1PKsAlBf > cYIL20+7H8Ib0aQgY9uCweIsKAHnOmmiZ2GHqKxarGjJ04iSz8P6IxyBMM1dAJJ9 > bbYOQ7hNFIerYtqlz2loEHmHcPJvEYCXVnHziWBDvPi39ajoc93TbmTcD7KHY8gC > NBAn
Re: Role/Path Based Access Valve?
Thank you, Mark. I was actually aware of how to do it using the web.xml. I was looking for a valve that could do the same thing, and here is the reason: If I, as the Tomcat admin, want to manage access permissions (authorization) I can use the /tomcat/conf/web.xml file. However, this file is overridden by matching elements in an individual WAR. So If I say on the tomcat web.xml that only Bill and Ted have access to path A, but an individual WAR's web.xml says that Everyone has access to Path A, then the WAR web.xml wins, right? If I use a valve I can short-circuit the process before it even gets to the web application. In that way, no matter what the developers put into the WAR I have multiple control from Tomcat. Make sense? On Tue, Mar 3, 2020 at 7:04 AM Mark Thomas wrote: > On 03/03/2020 12:27, Richard Monson-Haefel wrote: > > I've tried to find this but keep running into the three remote address > > valves (address, IP, and CIDR) what I'm looking for is an access valve > that > > uses roles from a realm that checks roles to either path or web > application > > identifiers - not remote address. This is classic authorization - > > role-based authorization. > > Servlet specification, version 4, section 13.2 & 13.8 in particular. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/
Role/Path Based Access Valve?
I've tried to find this but keep running into the three remote address valves (address, IP, and CIDR) what I'm looking for is an access valve that uses roles from a realm that checks roles to either path or web application identifiers - not remote address. This is classic authorization - role-based authorization. -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/
Re: this.getServletConfig() returns null
That worked! Thank you!
On Fri, Feb 14, 2020 at 1:10 PM Mark Thomas wrote:
> On 14/02/2020 18:29, Richard Monson-Haefel wrote:
> > Hi,
> >
> > I'm experimenting with using annotations. I created a Servlet with
> > annotations and then attempt to get the init parameters in the doGet()
> > method, but I keep getting a null value when I use
> > this.getServletConfig(). If I save the ServletConfig in an instance
> > variable from the init() method it works as expected. Shouldn't the
> > this.getServletConfig() return the configuration object instead of a
> null?
> > What am I missing?
>
> You need to call super.init(confg)
>
> Mark
>
>
> >
> > Here is a listing. The code is also attached. I've run it both with and
> > without a web.xml file (just the root element when present).
> > @WebServlet(
> > name="myservlet",
> > urlPatterns={"/"},
> > initParams={
> > @WebInitParam(name="name", value="Richard"),
> > @WebInitParam(name="greeting", value="Hola")
> > }
> > )
> > public class TheServlet extends HttpServlet {
> >
> > ServletConfig myConfig;
> >
> > public void init(ServletConfig config) throws ServletException{
> >myConfig = config;
> > }
> >
> > protected void doGet(HttpServletRequest request, HttpServletResponse
> > response) throws ServletException, IOException {
> >
> > // Set content type
> > response.setContentType("text/plain");
> >
> >// Get initialization parameters
> >
> >//ServletConfig config = this.getServletConfig();
> >//^^ The above returns null
> >
> >ServletConfig config = myConfig;
> >//^^^The above works
> >
> >if(config != null){
> > String name = config.getInitParameter("name");
> > String greeting = config.getInitParameter("greeting");
> > response.getWriter().println(greeting + " " +name);
> >}else{
> > response.getWriter().println("there is no config");
> >}
> > }
> > }
> >
> > Thanks in advance!
> >
> > Richard
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
--
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
this.getServletConfig() returns null
Hi,
I'm experimenting with using annotations. I created a Servlet with
annotations and then attempt to get the init parameters in the doGet()
method, but I keep getting a null value when I use
this.getServletConfig(). If I save the ServletConfig in an instance
variable from the init() method it works as expected. Shouldn't the
this.getServletConfig() return the configuration object instead of a null?
What am I missing?
Here is a listing. The code is also attached. I've run it both with and
without a web.xml file (just the root element when present).
@WebServlet(
name="myservlet",
urlPatterns={"/"},
initParams={
@WebInitParam(name="name", value="Richard"),
@WebInitParam(name="greeting", value="Hola")
}
)
public class TheServlet extends HttpServlet {
ServletConfig myConfig;
public void init(ServletConfig config) throws ServletException{
myConfig = config;
}
protected void doGet(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException {
// Set content type
response.setContentType("text/plain");
// Get initialization parameters
//ServletConfig config = this.getServletConfig();
//^^ The above returns null
ServletConfig config = myConfig;
//^^^The above works
if(config != null){
String name = config.getInitParameter("name");
String greeting = config.getInitParameter("greeting");
response.getWriter().println(greeting + " " +name);
}else{
response.getWriter().println("there is no config");
}
}
}
Thanks in advance!
Richard
--
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
Re: Expression Language ${initParam.whatever} not working
Thanks, Mark. Your explanation was good but the code didn't do it.
On Mon, Feb 10, 2020 at 12:10 PM Mark Thomas wrote:
> On 10/02/2020 18:03, Richard Monson-Haefel wrote:
> > Hi Simon,
> >
> > Thanks for the response but I don't think that is the issue. I can use
> the
> > instead, but I want to use the initParam for the JSP page
> > which is named and mapped in the element. Perhaps I'm still
> > missing something.
>
> The EL implicit object initParam holds the *ServletConext*'s init
> params, not the Servlet's.
>
> You probably want something like (untested)
>
> ${ pageContext.servletConfig.initParameter("greeting_color") }
>
> Mark
>
>
> >
> > On Mon, Feb 10, 2020 at 12:00 PM Simon Funnell
> > wrote:
> >
> >> In your web.xml you want:
> >>
> >>
> >> greeting_color
> >> green
> >>
> >>
> >> I think you have defined an initialization parameter for the servlet,
> not
> >> the context.
> >>
> >> On Mon, 10 Feb 2020 at 17:54, Richard Monson-Haefel <
> >> monsonhae...@gmail.com>
> >> wrote:
> >>
> >>> Hi,
> >>>
> >>> Tomcat version: 9.0.30
> >>> Operating System: macOS 10.15.2
> >>>
> >>> While I can access my initParam vis a JSP scriptlet I cannot access the
> >>> same initial paramter EL expression.
> >>>
> >>> Here is the JSP code I'm using
> >>>
> >>>
> >>>
> >>>
> >>> >>> %>">Hello ${param.name} from
> hello.jsp
> >>>
> >>>
> >>> color is ${initParam["greeting_color"]}
> >>>
> >>>
> >>>
> >>> Here is my web.xml declaring the initial parameters
> >>>
> >>> http://xmlns.jcp.org/xml/ns/javaee";
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> >>> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
> >>>
> http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd
> >> "
> >>> version="4.0"
> >>> metadata-complete="true">
> >>>
> >>>
> >>>
> >>>
> >>> HiJsp
> >>> /hello.jsp
> >>>
> >>> greeting_color
> >>> green
> >>>
> >>>
> >>>
> >>> HiJsp
> >>> /hola/*
> >>>
> >>>
> >>>
> >>> Here is the output (source)
> >>>
> >>>
> >>>
> >>>
> >>> Hello richard from
> >>> hello.jsp
> >>>
> >>> color is
> >>>
> >>>
> >>>
> >>> I don't understand why the JSP expression <%= %> works but the EL
> >>> expression ${ } doesn't. I've tried many variations and other EL
> >> implicit
> >>> objects I've tried worked fine.
> >>>
> >>> What am I missing?
> >>>
> >>> The WAR is attached for your convenience.
> >>>
> >>>
> >>>
> >>> --
> >>> Richard Monson-Haefel
> >>> https://twitter.com/rmonson
> >>> https://www.linkedin.com/in/monsonhaefel/
> >>>
> >>> -
> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
--
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
Re: Expression Language ${initParam.whatever} not working
Hi Simon,
Thanks for the response but I don't think that is the issue. I can use the
instead, but I want to use the initParam for the JSP page
which is named and mapped in the element. Perhaps I'm still
missing something.
On Mon, Feb 10, 2020 at 12:00 PM Simon Funnell
wrote:
> In your web.xml you want:
>
>
> greeting_color
> green
>
>
> I think you have defined an initialization parameter for the servlet, not
> the context.
>
> On Mon, 10 Feb 2020 at 17:54, Richard Monson-Haefel <
> monsonhae...@gmail.com>
> wrote:
>
> > Hi,
> >
> > Tomcat version: 9.0.30
> > Operating System: macOS 10.15.2
> >
> > While I can access my initParam vis a JSP scriptlet I cannot access the
> > same initial paramter EL expression.
> >
> > Here is the JSP code I'm using
> >
> >
> >
> >
> > > %>">Hello ${param.name} from hello.jsp
> >
> >
> > color is ${initParam["greeting_color"]}
> >
> >
> >
> > Here is my web.xml declaring the initial parameters
> >
> > http://xmlns.jcp.org/xml/ns/javaee";
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
> > http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd
> "
> > version="4.0"
> > metadata-complete="true">
> >
> >
> >
> >
> > HiJsp
> > /hello.jsp
> >
> > greeting_color
> > green
> >
> >
> >
> > HiJsp
> > /hola/*
> >
> >
> >
> > Here is the output (source)
> >
> >
> >
> >
> > Hello richard from
> > hello.jsp
> >
> > color is
> >
> >
> >
> > I don't understand why the JSP expression <%= %> works but the EL
> > expression ${ } doesn't. I've tried many variations and other EL
> implicit
> > objects I've tried worked fine.
> >
> > What am I missing?
> >
> > The WAR is attached for your convenience.
> >
> >
> >
> > --
> > Richard Monson-Haefel
> > https://twitter.com/rmonson
> > https://www.linkedin.com/in/monsonhaefel/
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
>
--
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
Expression Language ${initParam.whatever} not working
Hi,
Tomcat version: 9.0.30
Operating System: macOS 10.15.2
While I can access my initParam vis a JSP scriptlet I cannot access the
same initial paramter EL expression.
Here is the JSP code I'm using
">Hello ${param.name} from hello.jsp
color is ${initParam["greeting_color"]}
Here is my web.xml declaring the initial parameters
http://xmlns.jcp.org/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd";
version="4.0"
metadata-complete="true">
HiJsp
/hello.jsp
greeting_color
green
HiJsp
/hola/*
Here is the output (source)
Hello richard from hello.jsp
color is
I don't understand why the JSP expression <%= %> works but the EL
expression ${ } doesn't. I've tried many variations and other EL implicit
objects I've tried worked fine.
What am I missing?
The WAR is attached for your convenience.
--
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
