tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: [next] What's next ?
Date Thu, 02 Oct 2003 17:01:52 GMT
Henri Gomez wrote:

> Jean-Francois Arcand a écrit :
>
>>
>>
>> Henri Gomez wrote:
>>
>>> Henri Gomez a écrit :
>>>
>>>>
>>>>>> 3. Provide a complete working configuration example for a cluster
of
>>>>>> tomcat servers with a front-end tomcat as well, i.e. a pure 
>>>>>> tomcat-only
>>>>>> solution.  We already have the jvmRoute mechanism, but I think it

>>>>>> needs
>>>>>> more examples/documentation so that people start using it.
>>>>>
>>>>>
>>>>>
>>>
>>> One of the features I'd like to see in Tomcat 5.x, a features which 
>>> prevent me to use TC 4.0.x, 4.1.x and 5.x on my production server is
>>> the ability to use external entities from within a web.xml.
>>>
>>> Let me explain :
>>>
>>> We have many customers which run the same application but with 
>>> differents settings. All the settings are present in the web.xml
>>> via the use of external entities which are included at run-time. 
>>
>>
>>
>> +1
>>
>>>
>>>
>>> The security mechanism in TC 4.x and higher (due to digester)
>>> avoid me to use such easy configuration tuning and so we have
>>> to stay with Tomcat 3.3.x for now. 
>>
>>
>>
>> I'm probably missing something here....why the digester suffer from 
>> that limitation? What kind of security exception are you seeing. If 
>> you give all permissions to the Digester, does it change something?
>
>
> i don't know how to setup digester to do it but the last time I tried 
> with TC 4.1.x, I couldn't get external entities :
>
> Here is a sample web.xml :
>
> In my case env and defusr are located in ../../etc/webapp/app.xml
> which differs from one client to another.
> With the current limitation (tested on TC 4.1.x), I couldn't have them
> loaded from ../../etc/webapp/app.xml...

Loading relative references like this works fine for me when I have the 
side files in the WEB-INF directory next to the web.xml file.  Without 
describing what error messages you get when you try this, it's 
impossible to know what's really going on.  However, your relative 
references to the "app.xml" file will certainly not work in at least 
three scenarios:

* You run the webapp from a WAR file directly (because
  you'd be trying to navigate "above" the WAR, and
  ".." doesn't mean anything in that scenario.

* You run the webapp by dynamic deployment (via Manager)
  instead of under the "webapps" directory -- thus invalidating
  the directory navigation ("../..") because Manager puts the
  deployed webapp in a different place in the filesystem.

* You run under a security manager that disallows
  access to any file outside your webapp.

One obvious thing to try would be using an absolute "file:" (or even 
"http:") URL -- that would fix the first two cases.  For the third case, 
you'll have to adjust your security manager permissions no matter what.

But without knowing what error mesage you get when you try, there's 
nothing anyone can do but guess.

Craig

>
>
>
> ---
>
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web 
> Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"
> [ <!ENTITY % appconf  SYSTEM "../../etc/webapp/app.xml"> %appconf; ]>
>
> <web-app>
>
>   <context-param>
>     <param-name>def.user</param-name>
>     <param-value>&defusr;</param-value>
>   </context-param>
>
>   <servlet>
>     <servlet-name>startup</servlet-name>
>     <servlet-class>my.StartupServlet</servlet-class>
>
>    <init-param>
>       <param-name>env</param-name>
>       <param-value>&envid;</param-value>
>    </init-param>
>
>   </servlet>
>
>   <session-config>
>     <session-timeout>30</session-timeout>
>   </session-config>
>   <welcome-file-list>
>     <welcome-file>/index</welcome-file>
>   </welcome-file-list>
> </web-app>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message