-----Original Message----- From: Zhan, Jimmy [mailto:[EMAIL PROTECTED] Sent: Monday, January 29, 2007 3:20 PM To: Tomcat Users List Subject: RE: HTTP PUT - HOW TO CONFIG?
Hi Robert, Thanks for your help. After I added that readonly into web.xml, I can put files into /webapps/incoming. Right now it is ok for me. Because user ONLY can put files under /webapps/incoming dir. Also, in this way, tomcat does not require userID and password. Now there are three questions: 1. How to config to force using userID and password? I add putusero1 into "tomcat-users.xml", it's useless. [Robert Harper] Look at the documents. You'll have to set up the security and determine what kind of authentication you want. This may be version dependent so I won't go into too much detail here. I am using 5.0 because that was the newest version when I developed my app and I don't see a big reason to change right now. 2. How to config another servlet to handle PUT in web.xml? <servlet> <servlet-name>PUT</servlet-name> <servlet-class>org.apache.jasper.servlet.???????</servlet-class> <init-param> <param-name>????1</param-name> <param-value>????1</param-value> </init-param> <init-param> <param-name>????2</param-name> <param-value>????2</param-value> </init-param> <load-on-startup>?</load-on-startup> </servlet> [Robert Harper] Create your servlet extending the HttpServlet and set the "servlet-class" value to the package_path.ClassName for your servlet. Use the "security-constraint" area in the web.xml file to set what you will and won't handle and other options. See the Tomcat documentation for your version on where and how to do this. <servlet-mapping> <servlet-name>PUT</servlet-name> <url-pattern>/MyPUT/PUT-Handler</url-pattern> </servlet-mapping> 3. How to turn on client request log in tomcat side? [Robert Harper] I used log() method inherited from HttpServlet to log my messages. I created a little wrapper method so I could easily force certain patterns to the messages. Where they land is in the logger specification in your web.xml configuration in the servlet's context. The easiest way to configure the logging directory, file names, and other settings is with the admin app. What version are you using? Thanks Jimmy -----Original Message----- From: Robert Harper [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 12:07 PM To: 'Tomcat Users List' Subject: RE: HTTP PUT - HOW TO CONFIG? The problem is that the default servlet is handling the request(s) unless you have some other servlet do it. By default, the doPut() will check to see if the readonly property has been changed to false. If it has not, default behavior, it will return the forbidden error. If you change this to false, then you loose control of security and anything sent via a PUT will be allowed. You may want this but it also leaves you open to easy attacks. If you are sure you want to do this, try adding the following to the default servlet's configuration in the web.xml file. Where this is could vary based on the version of Tomcat you are running. <init-param> <param-name>readonly</param-name> <param-value>false</param-value> </init-param> Most would prefer not to do this and would prefer to either write a filter or servlet to track the PUTs and have something to protect your system. You will not see anything in a log file because the default servlet does not write anything to the logs when it refuses the request. For Tomcat 5.0 the document to read on what the default servlet does and doesn't do would be found here. http://tomcat.apache.org/tomcat-5.0-doc/default-servlet.html Robert S. Harper Senior Engineer Information Access Technology, Inc. 1100 East 6600 South, Suite 300 Salt Lake City Utah USA 84121-7411 (801)265-8800 Ext. 255 FAX (801)265-8880 -----Original Message----- From: Zhan, Jimmy [mailto:[EMAIL PROTECTED] Sent: Friday, January 26, 2007 10:48 AM To: Tomcat Users List Subject: RE: HTTP PUT - HOW TO CONFIG? Hi, I got some progress. I used a Python program to send a HTTP PUT request to my tomcat server. The Python allow my pick any local file to upload to tomcat server box. And I got response back from tomcat with error code 403(Forbidden). I'm thing, tomcat can handler the HTTP PUT, but need do something about config. Hope someone can help out of this config crabe. I have the client side log to look at, but I don't see any log in tomcat server side. Could anyone tell me how to turn on tomcat tracing log? I have 8 default log files there, but none tracing this test. They are: admin.2007-01-26.log, catalina.2007-01-26.log, host-manager.2007-01-26.log, jakarta_service_20070126.log, locahost.2007-01-26.log, manager.2007-01-26.log, stderr_20070126.log, stdout_20070126.log. Here is my test client side tracing: ---------------------------------------------------------------------- <<Command line command>> C:\Python25>Python QuickPut.py -v C:\Python25\put.txt http://localhost:8080/incomming/put_test1.txt myUserID myPasswd <<Tracing>>: Sending HEAD request to: http://localhost:8080/incomming/put_test1.txt Auth: {'uname': 'myUserID', 'pswd': 'myPasswd'} HEAD response code: 404 Response headers: Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1024 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive HEAD response code: 404 Response headers: Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1024 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive PUTing to: http://localhost:8080/incomming/put_test1.txt Data: Content-Length: 29, Snippet: "This is a HTTP PUT test file." Getting reply... Got reply Done: 403: Forbidden Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 964 Date: Fri, 26 Jan 2007 16:49:26 GMT Connection: keep-alive --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]