tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joel Rouiller" <joel.rouil...@infometis.ch>
Subject HELP - Security in web.xml
Date Mon, 29 May 2000 08:15:00 GMT
Dear reader,

I installed Tomcat on Linux with the Apache web server. All the examples are running well.
But our servlet (running well with JServ) makes me sick.

I installed all necessary files in $TOMCAT/webapps/reporting as described in various papers.
The web.xml file looks like this:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">

<web-app>
  <servlet>
    <servlet-name>Reporting</servlet-name>
    <servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>
    <init-param>
      <param-name>db.driver</param-name>
      <param-value>oracle.jdbc.driver.OracleDriver</param-value>
    </init-param>
    <init-param>
      ... other init parameters ...
    </init-param>
    <init-param>
      <param-name>html.entries_new</param-name>
      <param-value>2</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Reporting</servlet-name>
    <url-pattern>/reporting</url-pattern>
  </servlet-mapping>
</web-app>

I added the following line in $TOMCAT/conf/server.xml:

        <Context path="/reporting" docBase="webapps/reporting" debug="9" reloadable="true">
        </Context>

And $TOMCAT/conf/tomcat.conf look like this:

###############################################################################
#                     Apache JServ Configuration File                         #
###############################################################################
# Note: this file should be appended or included into your httpd.conf

# Tell Apache on Unix to load the Apache JServ communication module
# For shared object builds only!!!
# @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so
LoadModule jserv_module /usr/lib/apache/mod_jserv.so

<IfModule mod_jserv.c>
# Do not edit!
ApJServManual on
ApJServDefaultProtocol ajpv12
ApJServSecretKey DISABLED
ApJServMountCopy on
ApJServLogLevel notice
ApJServLogFile DISABLED

### Change if you run tomcat on a different host
#ApJServDefaultHost localhost
ApJServDefaultPort 8007


#################### All jsp files will go to tomcat ####################
#ApJServMount default /root

AddType text/jsp .jsp
AddHandler jserv-servlet .jsp

############################## Context mapping - you need to "deploy"
# ( copy or ln -s ) the context into htdocs
##

ApJServMount /examples /root
ApJServMount /reporting /root
ApJServMount /test /root
ApJServMount /servlet /root

</IfModule>

I removed all access restriction to the reporting directories in httpd.conf. So it should
be accessed from anyone from everywhere, but no, it allways ask me three times a user id and
password to log in. Has anyone an idea what is going wrong or what I is configured wrong?

Best regards and thanks for any suggestions,

Joel Rouiller / infometis ag


Mime
View raw message