The problem is that the default servlet is handling the request(s) unless you have some other servlet do it. By default, the doPut() will check to see if the readonly property has been changed to false. If it has not, default behavior, it will return the forbidden error. If you change this to false, then you loose control of security and anything sent via a PUT will be allowed. You may want this but it also leaves you open to easy attacks.
If you are sure you want to do this, try adding the following to the default servlet's configuration in the web.xml file. Where this is could vary based on the version of Tomcat you are running. <init-param> <param-name>readonly</param-name> <param-value>false</param-value> </init-param> Most would prefer not to do this and would prefer to either write a filter or servlet to track the PUTs and have something to protect your system. You will not see anything in a log file because the default servlet does not write anything to the logs when it refuses the request. For Tomcat 5.0 the document to read on what the default servlet does and doesn't do would be found here. http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html Robert S. Harper Senior Engineer Information Access Technology, Inc. 1100 East 6600 South, Suite 300 Salt Lake City Utah USA 84121-7411 (801)265-8800 Ext. 255 FAX (801)265-8880 This e-mail is intended only for the addressee and may contain confidential and/or privileged information. Any review, retransmission, or action taken upon this information by persons other than the intended recipient is prohibited by law. If you received this communication in error, please contact us immediately at 801-265-8800. Although this e-mail and any attachments are believed to be free of any virus or other defect, it is the responsibility of the recipient to ensure that anything received or opened is virus free. No responsibility is accepted by IAT for any loss or damage in the event that such a virus or defect exists. -----Original Message----- From: Zhan, Jimmy [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 10:48 AM To: Tomcat Users List Subject: RE: HTTP PUT - HOW TO CONFIG? Hi, I got some progress. I used a Python program to send a HTTP PUT request to my tomcat server. The Python allow my pick any local file to upload to tomcat server box. And I got response back from tomcat with error code 403(Forbidden). I'm thing, tomcat can handler the HTTP PUT, but need do something about config. Hope someone can help out of this config crabe. I have the client side log to look at, but I don't see any log in tomcat server side. Could anyone tell me how to turn on tomcat tracing log? I have 8 default log files there, but none tracing this test. They are: admin.2007-01-26.log, catalina.2007-01-26.log, host-manager.2007-01-26.log, jakarta_service_20070126.log, locahost.2007-01-26.log, manager.2007-01-26.log, stderr_20070126.log, stdout_20070126.log. Here is my test client side tracing: ---------------------------------------------------------------------- <<Command line command>> C:\Python25>Python QuickPut.py -v C:\Python25\put.txt http://localhost:8080/incomming/put_test1.txt myUserID myPasswd <<Tracing>>: Sending HEAD request to: http://localhost:8080/incomming/put_test1.txt Auth: {'uname': 'myUserID', 'pswd': 'myPasswd'} HEAD response code: 404 Response headers: Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1024 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive HEAD response code: 404 Response headers: Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1024 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive PUTing to: http://localhost:8080/incomming/put_test1.txt Data: Content-Length: 29, Snippet: "This is a HTTP PUT test file." Getting reply... Got reply Done: 403: Forbidden Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 964 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
