-----Original Message-----
From: Zhan, Jimmy [mailto:[EMAIL PROTECTED]
Sent: Monday, January 29, 2007 3:20 PM
To: Tomcat Users List
Subject: RE: HTTP PUT - HOW TO CONFIG?
Hi Robert,
Thanks for your help.
After I added that readonly into web.xml, I can put files into
/webapps/incoming. Right now it is ok for me. Because user ONLY
can put files under /webapps/incoming dir.
Also, in this way, tomcat does not require userID and password.
Now there are three questions:
1. How to config to force using userID and password? I add
putusero1
into "tomcat-users.xml", it's useless.
[Robert Harper] Look at the documents. You'll have to set up the security
and determine what kind of authentication you want. This may be version
dependent so I won't go into too much detail here. I am using 5.0 because
that was the newest version when I developed my app and I don't see a big
reason to change right now.
2. How to config another servlet to handle PUT in web.xml?
<servlet>
<servlet-name>PUT</servlet-name>
<servlet-class>org.apache.jasper.servlet.???????</servlet-class>
<init-param>
<param-name>????1</param-name>
<param-value>????1</param-value>
</init-param>
<init-param>
<param-name>????2</param-name>
<param-value>????2</param-value>
</init-param>
<load-on-startup>?</load-on-startup>
</servlet>
[Robert Harper] Create your servlet extending the HttpServlet and set the
"servlet-class" value to the package_path.ClassName for your servlet. Use
the "security-constraint" area in the web.xml file to set what you will and
won't handle and other options. See the Tomcat documentation for your
version on where and how to do this.
<servlet-mapping>
<servlet-name>PUT</servlet-name>
<url-pattern>/MyPUT/PUT-Handler</url-pattern>
</servlet-mapping>
3. How to turn on client request log in tomcat side?
[Robert Harper] I used log() method inherited from HttpServlet to log my
messages. I created a little wrapper method so I could easily force certain
patterns to the messages. Where they land is in the logger specification in
your web.xml configuration in the servlet's context. The easiest way to
configure the logging directory, file names, and other settings is with the
admin app.
What version are you using?
Thanks
Jimmy
-----Original Message-----
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 12:07 PM
To: 'Tomcat Users List'
Subject: RE: HTTP PUT - HOW TO CONFIG?
The problem is that the default servlet is handling the request(s)
unless
you have some other servlet do it. By default, the doPut() will check to
see
if the readonly property has been changed to false. If it has not,
default
behavior, it will return the forbidden error. If you change this to
false,
then you loose control of security and anything sent via a PUT will be
allowed. You may want this but it also leaves you open to easy attacks.
If you are sure you want to do this, try adding the following to the
default
servlet's configuration in the web.xml file. Where this is could vary
based
on the version of Tomcat you are running.
<init-param>
<param-name>readonly</param-name>
<param-value>false</param-value>
</init-param>
Most would prefer not to do this and would prefer to either write a
filter
or servlet to track the PUTs and have something to protect your system.
You will not see anything in a log file because the default servlet does
not
write anything to the logs when it refuses the request.
For Tomcat 5.0 the document to read on what the default servlet does and
doesn't do would be found here.
http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html
Robert S. Harper
Senior Engineer
Information Access Technology, Inc.
1100 East 6600 South, Suite 300
Salt Lake City Utah USA 84121-7411
(801)265-8800 Ext. 255
FAX (801)265-8880
-----Original Message-----
From: Zhan, Jimmy [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 10:48 AM
To: Tomcat Users List
Subject: RE: HTTP PUT - HOW TO CONFIG?
Hi,
I got some progress.
I used a Python program to send a HTTP PUT request to my tomcat
server.
The Python allow my pick any local file to upload to tomcat server
box.
And I got response back from tomcat with error code 403(Forbidden).
I'm thing, tomcat can handler the HTTP PUT, but need do something
about
config. Hope someone can help out of this config crabe.
I have the client side log to look at, but I don't see any log in
tomcat server side. Could anyone tell me how to turn on tomcat
tracing log? I have 8 default log files there, but none tracing this
test.
They are:
admin.2007-01-26.log,
catalina.2007-01-26.log,
host-manager.2007-01-26.log,
jakarta_service_20070126.log,
locahost.2007-01-26.log,
manager.2007-01-26.log,
stderr_20070126.log,
stdout_20070126.log.
Here is my test client side tracing:
----------------------------------------------------------------------
<<Command line command>>
C:\Python25>Python QuickPut.py -v C:\Python25\put.txt
http://localhost:8080/incomming/put_test1.txt myUserID myPasswd
<<Tracing>>:
Sending HEAD request to: http://localhost:8080/incomming/put_test1.txt
Auth: {'uname': 'myUserID', 'pswd': 'myPasswd'}
HEAD response code: 404
Response headers: Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1024
Date: Fri, 26 Jan 2007 16:49:26 GMT
Connection: keep-alive
HEAD response code: 404
Response headers: Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1024
Date: Fri, 26 Jan 2007 16:49:26 GMT
Connection: keep-alive
PUTing to: http://localhost:8080/incomming/put_test1.txt
Data: Content-Length: 29, Snippet: "This is a HTTP PUT test file."
Getting reply...
Got reply
Done: 403: Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 964
Date: Fri, 26 Jan 2007 16:49:26 GMT
Connection: keep-alive
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
