tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Gomez <hgo...@apache.org>
Subject Re: [next] What's next ?
Date Fri, 03 Oct 2003 08:11:41 GMT
Henri Gomez a écrit :

> Henri Gomez a écrit :
> 
>> Henri Gomez a écrit :
>>
>>> Jean-Francois Arcand a écrit :
>>>
>>>> +1
>>>>
>>>>>
>>>>>
>>>>> The security mechanism in TC 4.x and higher (due to digester)
>>>>> avoid me to use such easy configuration tuning and so we have
>>>>> to stay with Tomcat 3.3.x for now. 
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> I'm probably missing something here....why the digester suffer from 
>>>> that limitation? What kind of security exception are you seeing. If 
>>>> you give all permissions to the Digester, does it change something?
>>>
>>>
>>>
>>
>> Same problem with TC 5.0.12 ;(
>>
>> To reproduce, I added an external entity file in the web.xml
>> of the provided servlet-examples webapp web.xml :
>>
>> ----
>>
>> <?xml version="1.0" encoding="ISO-8859-1"?>
>>
>> <!DOCTYPE web-app
>>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>>
>> [ <!ENTITY % appconf  SYSTEM "../../../etc/webapp/appconf.xml"> 
>> %appconf; ]
>>
>>

Great it seems to works with :

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
     "http://java.sun.com/dtd/web-app_2_3.dtd"

[ <!ENTITY % appconf  SYSTEM "file:../etc/webapp/appconf.xml"> %appconf; ]

 >

<web-app>

     <display-name>Servlet 2.4 Examples</display-name>
     <description>
       Servlet 2.4 Examples.
     </description>


.....

So should I assume that the current directory is webapps ?



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message