cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weakliem, Gordon" <Gordon.Weakl...@Den.Galileo.com>
Subject RE: Security: cocoon.properties?
Date Fri, 22 Sep 2000 16:48:27 GMT
You need to modify your WEB-INF/web.xml entry for your servlet:

 <servlet>
  <servlet-name>org.apache.cocoon.Cocoon</servlet-name>
  <servlet-class>org.apache.cocoon.Cocoon</servlet-class>
  <init-param>
   <param-name>properties</param-name>
   <param-value>WEB-INF/cocoon.properties</param-value>
  </init-param>
 </servlet>

I don't know of a way to do this globally.

> -----Original Message-----
> From: Per Kreipke [mailto:per@onclave.com]
> Sent: Friday, September 22, 2000 10:30 AM
> To: cocoon-dev@xml.apache.org
> Subject: RE: Security: cocoon.properties?
> 
> 
> I'd already tried that, I get:
> 
> java.io.FileNotFoundException: 
> D:\tomcat\webapps\samples\cocoon.properties
> (The system cannot find the file specified)
> 	at java.io.FileInputStream.open(Native Method)
> 	at java.io.FileInputStream.(FileInputStream.java:64)
> 	at
> sun.net.www.protocol.file.FileURLConnection.connect(FileURLCon
> nection.java:6
> 9)
> 	at
> sun.net.www.protocol.file.FileURLConnection.getInputStream(Fil
> eURLConnection
> .java:133)
> 	at org.apache.cocoon.Cocoon.init(Cocoon.java:123)
> 	at
> org.apache.tomcat.core.ServletWrapper.initServlet(ServletWrapp
> er.java:315)
> 	at
> org.apache.tomcat.core.ServletWrapper.handleRequest(ServletWra
> pper.java:445)
> 	at 
> org.apache.tomcat.core.ContextManager.service(ContextManager.java:559)
> 	at
> org.apache.tomcat.service.http.HttpConnectionHandler.processCo
> nnection(HttpC
> onnectionHandler.java:160)
> 	at
> org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEnd
> point.java:338
> )
> 	at java.lang.Thread.run(Thread.java:484)
> 
> > >Using the following setup, I can request cocoon.properties 
> and see its
> > >contents because it seems that Tomcat wants the 
> cocoon.properties file in
> > >each web application directory.
> > >
> > >- am I doing something wrong?
> >
> > Yes, put it in a WEB-INF directory, then web users will not be
> > able to see
> > it. This is defined in the Servlet Spec I believe.
> >
> > >- is this a security problem in the making?
> >
> > No. :)
> 
> Understood, if it works the way you describe, it'd be ok.
> 
> p.s. can't I have just one for the whole Tomcat install 
> instead of one per
> webapp?
> 

Mime
View raw message