Konstantin Kolinko wrote:
2010/7/7 André Warnier <a...@ice-sa.com>:
I have made the change in the Manager's web.xml, restarted Tomcat, and so
far all the manager functions and links seem to be working fine.
Namely, I have added this mapping at the end of the existing
servlet-mappings of the manager webapp's web.xml :
existing :
...
<servlet-mapping>
<servlet-name>HTMLManager</servlet-name>
<url-pattern>/html/*</url-pattern>
</servlet-mapping>
added:
<servlet-mapping>
<servlet-name>HTMLManager</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
In my understanding of the URL-mapping rules,
- the "/manager" part determines which URLs get mapped to the Manager
application
- then, after this "/manager" is stripped, for the remainder, the longest
matching mapping "wins".
So the "/*" mapping above should win only if none of the others does, no ?
Am I missing something ?
1) The HTMLManager servlet uses the part of URI after "/html" (aka
request.getPathInfo()) as the command to be executed.
Having it mapped to two different addresses creates an ambiguity, and
well as may bypass security constraints specified in its web.xml
2) I think that adding /index.jsp that will respond to the client with
a 301 redirect to contextPath + "/html" will work, but I am not sure
that this feature is actually needed.
I have now tested the above change also with this version :
C:\apache-tomcat-6.0.24\bin>version
Using CATALINA_BASE: C:\apache-tomcat-6.0.24
Using CATALINA_HOME: C:\apache-tomcat-6.0.24
Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.24\temp
Using JRE_HOME: C:\Java6jdk
Using CLASSPATH: C:\apache-tomcat-6.0.24\bin\bootstrap.jar
Server version: Apache Tomcat/6.0.24
Server built: January 19 2010 1439
Server number: 6.0.0.0
OS Name: Windows XP
OS Version: 5.1
Architecture: x86
JVM Version: 1.6.0_06-b02
JVM Vendor: Sun Microsystems Inc.
C:\apache-tomcat-6.0.24\bin>
and I also see no doomsday effects.
My earlier notes about how it behaves with a selection of URLs under Tomcat 5.5 seem also
valid for this version 6.0 above.
(Granted, apart from the /manager/images path. That one is broken. But that should easily
be fixable, no ?).
About remark 1) above :
- as per my understanding, that should still work after the change. Any URL path beginning
with "/manager/html" will still be mapped the same way, and getPathInfo() will still
return the same answer, no ?
- on the face of it, I see nothing in the manager's web.xml of the Windows distribution of
Tomcat 5.5 or 6.0, that would create a security issue with this. The whole webapp is
under the same security constraints, so even just "/manager" will ask for authentication.
As far as I know, I am not making any changes to the logic of the manager application by
doing this. All I am doing is making the HTMLManager servlet be the default servlet.
So when a user requests any URL starting with "/manager" and not specifically matching any
of the specific other manager servlets, they will get the HTML manager's starting page.
Is that bad ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
