Saurabh Agrawal wrote:
Hi,
I have developed Struts 2 application which is deployed on Tomcat. I am using
Eclipse to do the coding and configured Tomcat with Eclipse to deploy the war
from Eclipse itself.
My requirement is that all static assets should be served from Apache HTTP
Server because in our production environment that will be the set up.
As a result, I have configured image URLS like –
<img src=”/common/images/test.jpg” />
The assumpition is common folder will be the present in the doc root. I have
copied common folder in the ROOT of Tomcat so that it can be accessed from
/common in the URL. However, my images are not getting picked with the above
URL.
I do not pretend to understand your complete setup here, but it looks to me like you are
setting yourself up for a very insecure website layout.
If you are locating resources in Tomcat's webapps/ROOT directory, but then serving them
with Apache HTTPD (and for that, mapping the Tomcat ROOT folder to make it directly
accessible from the HTTPD server), it means that for *everything* in the Tomcat
webapps/ROOT folder your are completely bypassing the Tomcat bultin security.
(For example, it means that HTTPD users will have direct access to Tomcat's ROOT/WEB-INF
folder files, whatever private information may be in there.)
HTTPS users will also have access to the source of whatever *.JSP pages you put
there.
Heed the bold text here :
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
The point is : by default, Tomcat "knows" that it should not serve anything from the
WEB-INF sub-ditectory, nor serve "raw" JPS's.
But HTTPD does not know that, and by default it will serve these things without having a
second look.
You /can/ make this secure by correct configuration, but it needs careful work, and it is
easy to verlook something.
However, if I create a war file using Maven and deploy it on the server,
/common works. So I think it may be the problem wuth embedded tomcat instance
within eclipse for which may be ROOT is not the doc root.
Can anyone suggest how can it work i.e. deploying application from eclipse to a
configured tomcat instance in eclipse ?
Thanks.
Regards,
SAURABH AGRAWAL
Manager Technology
—
SapientNitro
Aachvis Softech Private Limited SEZ,
“Oxygen”, (Tower C), Ground – 3rd Floor,
Plot No. 7, Sector 144 Expressway,
Noida 201 304, Uttar Pradesh, India
desk +91 (120) 479 5000
mobile +91 981 866 4383
fax +91 (120) 479 5001
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you received this in error, please contact
the sender and delete the material from any computer.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
