tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Gomez <hgo...@apache.org>
Subject Re: [next] What's next ?
Date Fri, 03 Oct 2003 07:58:52 GMT
Craig R. McClanahan a écrit :

> Henri Gomez wrote:
> 
>> Jean-Francois Arcand a écrit :
>>
>>>
>>>
>>> Henri Gomez wrote:
>>>
>>>> Henri Gomez a écrit :
>>>>
>>>>>
>>>>>>> 3. Provide a complete working configuration example for a cluster
of
>>>>>>> tomcat servers with a front-end tomcat as well, i.e. a pure 
>>>>>>> tomcat-only
>>>>>>> solution.  We already have the jvmRoute mechanism, but I think
it 
>>>>>>> needs
>>>>>>> more examples/documentation so that people start using it.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>> One of the features I'd like to see in Tomcat 5.x, a features which 
>>>> prevent me to use TC 4.0.x, 4.1.x and 5.x on my production server is
>>>> the ability to use external entities from within a web.xml.
>>>>
>>>> Let me explain :
>>>>
>>>> We have many customers which run the same application but with 
>>>> differents settings. All the settings are present in the web.xml
>>>> via the use of external entities which are included at run-time. 
>>>
>>>
>>>
>>>
>>> +1
>>>
>>>>
>>>>
>>>> The security mechanism in TC 4.x and higher (due to digester)
>>>> avoid me to use such easy configuration tuning and so we have
>>>> to stay with Tomcat 3.3.x for now. 
>>>
>>>
>>>
>>>
>>> I'm probably missing something here....why the digester suffer from 
>>> that limitation? What kind of security exception are you seeing. If 
>>> you give all permissions to the Digester, does it change something?
>>
>>
>>
>> i don't know how to setup digester to do it but the last time I tried 
>> with TC 4.1.x, I couldn't get external entities :
>>
>> Here is a sample web.xml :
>>
>> In my case env and defusr are located in ../../etc/webapp/app.xml
>> which differs from one client to another.
>> With the current limitation (tested on TC 4.1.x), I couldn't have them
>> loaded from ../../etc/webapp/app.xml...
> 
> 
> Loading relative references like this works fine for me when I have the 
> side files in the WEB-INF directory next to the web.xml file.  Without 
> describing what error messages you get when you try this, it's 
> impossible to know what's really going on.  However, your relative 
> references to the "app.xml" file will certainly not work in at least 
> three scenarios:
> 
> * You run the webapp from a WAR file directly (because
>  you'd be trying to navigate "above" the WAR, and
>  ".." doesn't mean anything in that scenario.
> 
> * You run the webapp by dynamic deployment (via Manager)
>  instead of under the "webapps" directory -- thus invalidating
>  the directory navigation ("../..") because Manager puts the
>  deployed webapp in a different place in the filesystem.
> 
> * You run under a security manager that disallows
>  access to any file outside your webapp.
> 
> One obvious thing to try would be using an absolute "file:" (or even 
> "http:") URL -- that would fix the first two cases.  For the third case, 
> you'll have to adjust your security manager permissions no matter what.
> 
> But without knowing what error mesage you get when you try, there's 
> nothing anyone can do but guess.
> 

I just sent a copy of my error message.

- I'm not in the case 1, since I was using the exploded webapp.

- I'm not in the case 2, since I'm using an allready present webapp

- I don't use special security manager, just TC 5.0.12 from tarball.
   So if there is a security mecanism it's embedded in digester or TC


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message