Hi, Is there a way to configure Tomcat so that servlets can be created by multiple users without having to either place them in the webapps directory and without updating conf/web.xml for every servlet? I know the invoker servlet is available, but I have read that is insecure. Basically, the effect I want is for users to be able to place servlets in their home directory after the server is already running, and for those servlets to be recognized by Tomcat, and for them to be confined to the user directory they are contained in, providing a safe environment for multiple users to develop servlets in. There is an Apache httpd server running which maps "~" url patterns to username/public_html directory.
For example, http://host/~username/webapp_public_name/ should be mapped to /~username/public_html/actual_webapp_path/servlet_path/ where /~username/public_html/actual_webapp_path/ contains a WEB-INF folder describing servlet mappings within that directory. However, servlets in /~username/public_html/ should not be able to map to anything higher than http://host/~username/ such as http://host/ or http://host/~username/../. Even if I can't confine servlets in user's home directories to map only to URLs corresponding to their username, is it at least possible to configure Tomcat to allow live deployment from users home directories without enabling the invoker servlet? Any help would be appreciated.
