Hi Tomcat Users,
I'm having a problem with one of my server configurations (which has
come up repeatedly on this list) where various items in my servlet
contexts are unix symbolic links (on Solaris, RedHat, or MacOS X),
and since Tomcat 4.1.18 by default disallows following these symlinks
for security reasons, the configuration no longer works under 4.1.18.
Previously we ran this way with Tomcat 4.0.x and 3.x with no
problems, but the symlink behavior apparently changed in 4.1.x.
The solution (which has also come up repeatedly on the list) is
apparently to use the allowLinking flag, like this:
<Context ... some valid context ... >
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true" />
</Context>
Now this is all well and good, and I'm pretty sure it will solve our problem.
It only has one drawback... we have many servlet contexts, and we
have never bothered to list them all in server.xml; we just let the
default context apply to everything.
So, is there a way to configure server.xml such that the *default*
behavior will be allowLinking="true", or do we have to manually list
every servlet context in server.xml?
From reading the documentation, I thought that something like this might work:
<Engine name="Standalone" defaultHost="localhost" debug="0">
<DefaultContext>
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true" />
</DefaultContext>
</Engine>
but I tried it and it didn't seem to work using 4.1.18. Also, I
couldn't find any mention of this on the list; does anybody use a
configuration like this?
Oh, and in case anyone's curious, the configuration we use with all
the symlinks is one of our development configurations; our deployment
builds do not use symlinks at all, so the problem (and the security
issue) doesn't come up.
Any tips appreciated.
Thanks,
Scott Kelley
P.S. No, we don't want to change the default value in
FileDirContext.java and recompile tomcat, but thanks for the
suggestion! :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
