RE: Question on servlet determination
On 4/25/2013 12:52 PM, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Question on servlet determination http://localhost:8080/examples/servlets/servlet/RequestInfoExample I get the example page with pathInfo=ll http://localhost:8217/examples/servlets/servlet/RequestInfoExample/ I also get the example page with pathInfo= My question is why the top url (with no trailing /) is getting the request at all, given the url-pattern in web.xml: servlet-mapping servlet-nameRequestInfoExample/servlet-name url-pattern/servlets/servlet/RequestInfoExample/*/url-pattern /servlet-mapping Likely because of these clauses in the spec: The container will recursively try to match the longest path-prefix. This is done by stepping down the path tree a directory at a time, using the '/' character as a path separator. The longest match determines the servlet selected. A string beginning with a '/' character and ending with a '/*' suffix is used for path mapping. (The above is from 3.0, section 12.1, rule 2, and section 12.2, first bullet.) But I haven't looked at the code to see how it's actually implemented. - Chuck I think you're right. It looks like it boils down to an interpretation of the rules. If you look a little further at the examples, this is an exact match for the /baz/* mapping. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 4/24/13 4:46 PM, Konstantin Kolinko wrote: No. With the following pattern requesting the ../foo/bar URI above results in 404 for me. (In current 7.0.x, should not be different from 7.0.39). url-pattern/servlets/servlet/RequestInfoExample/url-pattern Adding an extra / works correctly. My adding here is adding to request URI in web browser, . http://localhost:8080/examples/servlets/servlet/RequestInfoExample http://localhost:8080/examples/servlets/servlet/RequestInfoExample/ With clean 7.0.39: http://localhost:8080/examples/servlets/servlet/RequestInfoExample I get the example page with pathInfo=null http://localhost:8217/examples/servlets/servlet/RequestInfoExample/ I also get the example page with pathInfo=/ My question is why the top url (with no trailing /) is getting the request at all, given the url-pattern in web.xml: servlet-mapping servlet-nameRequestInfoExample/servlet-name url-pattern/servlets/servlet/RequestInfoExample/*/url-pattern /servlet-mapping The way I read that, the trailing /* is being interpreted as *. Am I missing something? Why does /servlets/servlet/RequestInfoExample not require a trailing / to be dispatched to that servlet? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJReVzNAAoJEBzwKT+lPKRYJM4P/1ZW3zOJMm5qLXWgFCIMZLKt 4h3176dZSPtBnvup0b8IRImLTJhMpHLyFGEbAh9ZCE4AaTbb0o7EiwwpE++oIu9M SKzaF0EdZhA9h7/3MpVw6jF5K9Jf7weBbEHC7VhDXYoBMmfH0WRQ6n+wFsT+H3+W k0oXlvC42BRkT+bOGCm5g9gd7XIflqtZ9kCG6bpL7dlvL614b4HTWARNVpFRJrZ9 VvC/sCo2WiJd+cbG2XURRQCHhdfVeaL6ndaL6qYVvVheNFslXWw997EcKxwFpd88 UtjPvDiBNjB1l9TqFVU/Qntrv0j+NMVlQzIh13lsqLgpm+MWZ2tBbP72ZzY5tSWg QIV4+qYhL5YTrN8+Y7aLrr0qovjvXQMZCtxTxYJWJ1fuNswHeArO66vJUIvxce1O fePVIGI3PpWjzakmBPUJKyp5yiRRlGT9Cw7cqBV9wtMufyYLMBtebVoq+nntAN9q UfTQh13++XYjDFYqkDNdaXbbS7ebaL2a/Q2017GYLvxmrNOswUFbLDZvPuV4AJY6 5GvbNWAC8LnK0tDskp/3N4R7fqSpoi05xd72SCr45ud6Sbz893/r2W1cEPSl7Fpw LEUw1euiWh2yzTHILOuCfDvuPa0XU4qmACh1wnJlfqAzvrlV6Od+Vixa8bO+quQx mS4RmVAYKOfyWgYKUDBX =qAan -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Question on servlet determination http://localhost:8080/examples/servlets/servlet/RequestInfoExample I get the example page with pathInfo=null http://localhost:8217/examples/servlets/servlet/RequestInfoExample/ I also get the example page with pathInfo=/ My question is why the top url (with no trailing /) is getting the request at all, given the url-pattern in web.xml: servlet-mapping servlet-nameRequestInfoExample/servlet-name url-pattern/servlets/servlet/RequestInfoExample/*/url-pattern /servlet-mapping Likely because of these clauses in the spec: The container will recursively try to match the longest path-prefix. This is done by stepping down the path tree a directory at a time, using the '/' character as a path separator. The longest match determines the servlet selected. A string beginning with a '/' character and ending with a '/*' suffix is used for path mapping. (The above is from 3.0, section 12.1, rule 2, and section 12.2, first bullet.) But I haven't looked at the code to see how it's actually implemented. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
-Original Message- From: Neven Cvetkovic [mailto:neven.cvetko...@gmail.com] Sent: Tuesday, April 23, 2013 5:29 PM To: Tomcat Users List Subject: Re: Question on servlet determination From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection Jeffrey, why don't you just use catch all url pattern? Is there anything that you don't want to be part of the same security constraint? In this case security constraint just enforces SSL, but could do other things, check roles, etc. In that case you might want to split secure and non-secure resources ... (e.g. login page should not be secure and login action should be secure, etc...) What are you trying to achieve? Cheers! Neven IIRC, I originally had the /* entry, back in Tomcat 4.x, but it wouldn't force the move to https for any files directly asked for in the top level. For example, http://myhost/login.jsp would not switch to https until after you entered your login information. If I get some free time, I'll probably be retesting, but, yes, I'm also going to be adding a section that will be using a different auth method for a third servlet. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
-Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, April 23, 2013 10:35 PM To: Tomcat Users List Subject: RE: Question on servlet determination From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern - Chuck Thanks for the hint Chuck, but no change. I still get the 404 error page. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeff, On 4/23/13 5:45 PM, Jeffrey Janner wrote: -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, April 23, 2013 4:34 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. I went back and read the servlet spec for 2.5, and according to it, Tomcat should be redirecting the URI ending /Servlet2 to /Servlet2/ and then applying welcome files (I do have some defined, just didn't include it below). Amazingly, this appears to be what happens. However, if the ending / already exists, it doesn't just go looking for welcome files. If you have a servlet mapped to /Servlet1 (and /Servlet2), why should there be any redirecting at all? That should only happen if the DefaultServlet is handling the request and /Servlet1 refers to a directory (or something that looks like one). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJReBQ/AAoJEBzwKT+lPKRYnVUP/A32hsNrCKupzCtQSHeolP9X WsWWP7Vy1svMG/9aFPbbvMmpV4YPDp+lxUy615q2jiP7o5Ys/Ovu5SemCqoZRhYh 1Aj/vgESnUQtQDCQwny7XUMErWkWsC8C6TWpQ+SNoD+iQlNnXgArztQS2Ufl0rRX h4FjF+/6R8+mcfPUlpOmSOwFl45DjQEocOuWdfYewtlZkzNu0dZxZ7S10RBq0ATu loaMKC/dFvgSa/vqf5wwVW69zqlMVVh0/y7JFgN71zyv7i2VJCGqDHEPPBEFV5/O el4b5Q3wjb6Bk99sv4sDOyC85eUcN0SaDkb9ygTkkuamI3sdZxl06ej/AJU/TIOn 5bLBn89N8DKqLu6t7qI5M4yQ+dqGx6SmqGtGgG71+MoJ+BpcmQKciJf9wC2kh6nA JYdOXxRb7297guzZxL9gw7uz9asVV7TVWH1SHm2jzXkxaezu2OXpWX3FRocQU66q +/PlH0gry9bjGyWfM6KKAb1rRRYKF6r5NxKMjDVKIwPIYmPpeFeSZ78koGAMhruS k+T0N/iTQ8nLsM0qBkiMffZv8Mgr1AMygP0v7NB407S0q4HF28y5v5ZpwqnRU1Cu fgO76UgnHYkZkegO3pQkwfzzIIO9HoPxk2pqKTzi9ttgI9QXeVvWJxcj65SSjshL 71xkuFIhbmh/9Pc5AlW4 =c7ZG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chuck, On 4/23/13 11:35 PM, Caldarale, Charles R wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern While that should work, the original mapping should work, too. The request for /Servlet1 (plus a slash on the end) should be sent to Servlet1 with pathInfo=/. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJReBS1AAoJEBzwKT+lPKRYmUEQALFahIXLw0D5N4hPQ+KmWHsv MxERJGJCMVD8QAc7EXK1FatSauRiy1cB13Ae5SVRdIvlwC1nbQLgTA9bDrVZHX/R Ut8LvWlxPCTfihOPOQpPN4upGWOM7VyC4uDo6pXXF70TiBAvL1JuRVQvoBkF8u4X 2m0biF8qEa8gJXeWf0+m7GgbC7ytLQLQa/l5LGeBwnMq5gbvjP9QrbNr517PQhp4 dsDnP72feP0HP5nk3tVtLuPab3Gz7zwWY1kbW/8UsBNchioBIvkCDzBfK1WcJaYi F2JdA0NsbssR02jy/i+L+RlXtvuyUR2SlfLIwIg/vaCMUA3bjLfHW0QFB7P6/Qjc +cTgckryIDzU1tI+eyALDn5pcKoR/agl1N7EU3kAQ7L9Al+ONnTkE18lHDnoBHtc q7LWS5GXDDqvZO/iA713d+xGYgDm+W6SYXLhErK8N7P+ze0hI2/l4gKV0aBtLT5e gOa+tFrQEJDiHg/RE4N0l4hKhZFJ4kp+/cE/Q59ul4FFTuJhUf574sPBDq2aRcv4 q0degEfLxnfFtP1oxwjpviAfdN2ZccBpHTlwZ4CL5kQ2K7d5y7G96ldQSEeJksrS HDDNfohwQVJN62Wo29Ld3W7zJ0v5xgLDn+E6aJq+zldBjRu8iTlnli20nWTHnVRq apntFNgcpDZCpWXoWLuj =GhL+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 24, 2013 12:20 PM To: Tomcat Users List Subject: Re: Question on servlet determination -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeff, On 4/23/13 5:45 PM, Jeffrey Janner wrote: -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, April 23, 2013 4:34 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. I went back and read the servlet spec for 2.5, and according to it, Tomcat should be redirecting the URI ending /Servlet2 to /Servlet2/ and then applying welcome files (I do have some defined, just didn't include it below). Amazingly, this appears to be what happens. However, if the ending / already exists, it doesn't just go looking for welcome files. If you have a servlet mapped to /Servlet1 (and /Servlet2), why should there be any redirecting at all? That should only happen if the DefaultServlet is handling the request and /Servlet1 refers to a directory (or something that looks like one). - -chris I was specifically using the terminology in the 2.5 spec. To quote from page 72, the section on Welcome Files: Consider a Web application where: • The deployment descriptor lists the following welcome files. welcome-file-list welcome-fileindex.html/welcome-file welcome-filedefault.jsp/welcome-file /welcome-file-list • The static content in the WAR is as follows /foo/index.html /foo/default.jsp /foo/orderform.html /foo/home.gif /catalog/default.jsp /catalog/products/shop.jsp /catalog/products/register.jsp • A request URI of /foo will be redirected to a URI of /foo/. • A request URI of /foo/ will be returned as /foo/index.html. • A request URI of /catalog will be redirected to a URI of /catalog/. • A request URI of /catalog/ will be returned as /catalog/default.jsp. • A request URI of /catalog/index.html will cause a 404 not found • A request URI of /catalog/products will be redirected to a URI of / catalog/products/. • A request URI of /catalog/products/ will be passed to the “default” servlet, if any. If no “default” servlet is mapped, the request may cause a 404 not found, may cause a directory listing including shop.jsp and register.jsp, or may cause other behavior defined by the container. See Section SRV.11.2, “Specification of Mappings” for the definition of “default” servlet. But then, I could have been interpreting that incorrectly, since I think it's referring to requests into directories, not Servlets. The more I think about it, the more I'm sure it's our code. There are no directories that match the servlet names. Tomcat is correctly matching the servlet name, and passing the rest of the request string to the servlet, null in the first case, and / in the second. Our code assumes a null string means put up a specific page but doesn't know what to do with a / (have not researched, but probable). It's not really relying on the welcome-list at all. That makes even more sense when you understand that both servlets have the same document base (the Web directory), and both welcome files are in that directory, yet each servlet manages to put up the servlet-specific welcome file. Does that start to make sense, Chris? Jeff
Re: Question on servlet determination
2013/4/24 Christopher Schultz ch...@christopherschultz.net: On 4/23/13 11:35 PM, Caldarale, Charles R wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern While that should work, the original mapping should work, too. The request for /Servlet1 (plus a slash on the end) should be sent to Servlet1 with pathInfo=/. No. An URL that does not end with /* is used for exact matching only. /foo and /foo/* are two different mappings. BTW, 1. in the examples webapp of Tomcat 6 and Tomcat 7 there is RequestInfoExample servlet that you can play around with. E.g. http://localhost:8080/examples/servlets/servlet/RequestInfoExample/foo/bar Adding an extra / works correctly. 2.Handling of welcome files in Tomcat 7 depends on strict servlet compliance setting (see Migration guide and system properties page in Configuration reference). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 4/24/13 3:56 PM, Konstantin Kolinko wrote: 2013/4/24 Christopher Schultz ch...@christopherschultz.net: On 4/23/13 11:35 PM, Caldarale, Charles R wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern While that should work, the original mapping should work, too. The request for /Servlet1 (plus a slash on the end) should be sent to Servlet1 with pathInfo=/. No. An URL that does not end with /* is used for exact matching only. /foo and /foo/* are two different mappings. BTW, 1. in the examples webapp of Tomcat 6 and Tomcat 7 there is RequestInfoExample servlet that you can play around with. E.g. http://localhost:8080/examples/servlets/servlet/RequestInfoExample/foo/bar Adding an extra / works correctly. I notice that, although the url-pattern is /servlets/servlet/RequestInfoExample/*, the trailing / is not required in order to get the request mapped properly. That's surprising to me given that /foo and /foo/* should be two different mappings. I'm specifically looking at the examples in Tomcat 7.0.39. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJReEIQAAoJEBzwKT+lPKRYtLUP/jdO4O/smOvVPL96PJdyk21T 4JPm7qFLk4dNHDnwr0NUwdeEoJBaKwmVSyTMrvLu1FbhUpaUv4jhQtgV5480k27e fnQhF4vwuyQaR1dOWb3j69m+soqukQHaU9TEVdl70i++gPrez6vra6mlc+FqOhXV r6/JSPucCHl8zvAeeNBqui5XY4hVgk7HeIO9ko8Jj8qjvLRpUhaaEHuqeL6lI14B MohH8CALTyRAvTRtsxmJZr/bb7w8nd274c1UkC/X93qBSNoIponck3SVYMaGFmxQ HzTCnfpIhX60xAOETh3ltbxzXG4/uyW/ay/WkAFst8uOvgXB5BclE4OAOHYHI13k opCGxg4vuP8ts9OcOTJG1UGa9cMTWwtHnUbbcvY76Y674nMfC45eP1CKXdTRD0AI sPPnARL6RRfcX7/jsVdF6I+rzKkjq+7mOQhYOJL02PgB/ccfS8ryHHxU5dWNRsmG OBcKnSHjtgesjb8nq2d35nOKTs9YCxdOoyrS44CGTWWzbEJb5SN/6JNdTYNfV5pJ 6hsUjdylhtnUixxs08QTqonNQJWEB6RjxWFU2neGgk1ytWpBsNMEARPb4CEWs1Do FVmBDeNsGOYVgW/DloSndUwtig8TP3z0uAsochLUx/8SJg4bkkzm9WP46Enzmog/ 3dazWAjtzWd8sy+2mtmS =c5IT -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
2013/4/25 Christopher Schultz ch...@christopherschultz.net: Konstantin, On 4/24/13 3:56 PM, Konstantin Kolinko wrote: 2013/4/24 Christopher Schultz ch...@christopherschultz.net: On 4/23/13 11:35 PM, Caldarale, Charles R wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern While that should work, the original mapping should work, too. The request for /Servlet1 (plus a slash on the end) should be sent to Servlet1 with pathInfo=/. No. An URL that does not end with /* is used for exact matching only. /foo and /foo/* are two different mappings. BTW, 1. in the examples webapp of Tomcat 6 and Tomcat 7 there is RequestInfoExample servlet that you can play around with. E.g. http://localhost:8080/examples/servlets/servlet/RequestInfoExample/foo/bar Adding an extra / works correctly. I notice that, although the url-pattern is /servlets/servlet/RequestInfoExample/*, the trailing / is not required in order to get the request mapped properly. That's surprising to me given that /foo and /foo/* should be two different mappings. I'm specifically looking at the examples in Tomcat 7.0.39. No. With the following pattern requesting the ../foo/bar URI above results in 404 for me. (In current 7.0.x, should not be different from 7.0.39). url-pattern/servlets/servlet/RequestInfoExample/url-pattern Adding an extra / works correctly. My adding here is adding to request URI in web browser, . http://localhost:8080/examples/servlets/servlet/RequestInfoExample http://localhost:8080/examples/servlets/servlet/RequestInfoExample/ Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 2:29 PM To: 'Tomcat Users List' Subject: Question on servlet determination Running Tomcat 6.0.36, JDK 1.6.0_43 I've an application defined with the following web.xml: web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref servlet servlet-nameServlet1/servlet-name display-nameServlet1/display-name descriptionControlling servlet for Servlet1/description servlet-classcom.polydyne.servlet1/servlet-class load-on-startup1/load-on-startup /servlet servlet servlet-nameServlet2/servlet-name display-nameServlet2/display-name descriptionControlling servlet for Servlet2/description servlet-classcom.polydyne.servlet2/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameServlet1/servlet-name url-pattern/Servlet1/url-pattern /servlet-mapping servlet-mapping servlet-nameServlet2/servlet-name url-pattern/Servlet2/url-pattern /servlet-mapping error-page error-code404/error-code location/Unavailable.jsp/location /error-page /webapp The issue: If I connect with the URL: http://myhost/Servlet1 (or Servlet2), I get what I expect. However, if I connect http://myhost/Servlet1/ then I get a 404. Actually, I get my 404 page but not all the graphics come over. Shouldn't the final / be stripped and I get the same behavior either way? Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.commailto:first.l...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 [cid:image002.png@01CC0FB7.4FF43CE0] Speed, Intelligence Savings in Sourcing
RE: Question on servlet determination
-Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, April 23, 2013 4:34 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. I went back and read the servlet spec for 2.5, and according to it, Tomcat should be redirecting the URI ending /Servlet2 to /Servlet2/ and then applying welcome files (I do have some defined, just didn't include it below). Amazingly, this appears to be what happens. However, if the ending / already exists, it doesn't just go looking for welcome files. Jeff From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 2:29 PM To: 'Tomcat Users List' Subject: Question on servlet determination Running Tomcat 6.0.36, JDK 1.6.0_43 I've an application defined with the following web.xml: web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref servlet servlet-nameServlet1/servlet-name display-nameServlet1/display-name descriptionControlling servlet for Servlet1/description servlet-classcom.polydyne.servlet1/servlet-class load-on-startup1/load-on-startup /servlet servlet servlet-nameServlet2/servlet-name display-nameServlet2/display-name descriptionControlling servlet for Servlet2/description servlet-classcom.polydyne.servlet2/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameServlet1/servlet-name url-pattern/Servlet1/url-pattern /servlet-mapping servlet-mapping servlet-nameServlet2/servlet-name url-pattern/Servlet2/url-pattern /servlet-mapping error-page error-code404/error-code location/Unavailable.jsp/location /error-page /webapp The issue: If I connect with the URL: http://myhost/Servlet1 (or Servlet2), I get what I expect. However, if I connect http://myhost/Servlet1/ then I get a 404. Actually, I get my 404 page but not all the graphics come over. Shouldn't the final / be stripped and I get the same behavior either way? Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.commailto:first.l...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 [cid:image002.png@01CC0FB7.4FF43CE0] Speed, Intelligence Savings in Sourcing - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
Is that right? I didn't realize that. I was about to ask if you had any reference / before any of the welcome files. Although I'm not sure the XML file would even allow that would it? I don't think I've tried it. Maybe it would. -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 4:46 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, April 23, 2013 4:34 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. I went back and read the servlet spec for 2.5, and according to it, Tomcat should be redirecting the URI ending /Servlet2 to /Servlet2/ and then applying welcome files (I do have some defined, just didn't include it below). Amazingly, this appears to be what happens. However, if the ending / already exists, it doesn't just go looking for welcome files. Jeff From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 2:29 PM To: 'Tomcat Users List' Subject: Question on servlet determination Running Tomcat 6.0.36, JDK 1.6.0_43 I've an application defined with the following web.xml: web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref servlet servlet-nameServlet1/servlet-name display-nameServlet1/display-name descriptionControlling servlet for Servlet1/description servlet-classcom.polydyne.servlet1/servlet-class load-on-startup1/load-on-startup /servlet servlet servlet-nameServlet2/servlet-name display-nameServlet2/display-name descriptionControlling servlet for Servlet2/description servlet-classcom.polydyne.servlet2/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameServlet1/servlet-name url-pattern/Servlet1/url-pattern /servlet-mapping servlet-mapping servlet-nameServlet2/servlet-name url-pattern/Servlet2/url-pattern /servlet-mapping error-page error-code404/error-code location/Unavailable.jsp/location /error-page /webapp The issue: If I connect with the URL: http://myhost/Servlet1 (or Servlet2), I get what I expect. However, if I connect http://myhost/Servlet1/ then I get a 404. Actually, I get my 404 page but not all the graphics come over. Shouldn't the final / be stripped and I get the same behavior either way? Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.commailto:first.l...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 [cid:image002.png@01CC0FB7.4FF43CE0] Speed, Intelligence Savings in Sourcing - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection Jeffrey, why don't you just use catch all url pattern? Is there anything that you don't want to be part of the same security constraint? In this case security constraint just enforces SSL, but could do other things, check roles, etc. In that case you might want to split secure and non-secure resources ... (e.g. login page should not be secure and login action should be secure, etc...) What are you trying to achieve? Cheers! Neven Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https.
RE: Question on servlet determination
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org