tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Accessing parent and uncle directories
Date Tue, 10 Oct 2000 21:42:26 GMT
With Tomcat 3.1 and 4.0 I get various degrees of security failures in my
JSP/taglib application. They are due to my accessing higher rather than
lower level directories, but that arrangement makes sense since the lower
directories are customizations of the higher one.

Is there any way through one of Apache or Tomcat's configuration files or
web.xml to enable such access? This worked under Tomcat 3.0.

My application consists of a taglib that needs to read a common file, a bean
that reads a common file, and a JSP file that includes some common files.

	    ViewA <-- holds JSP files
	    ViewB <-- holds JSP files

The JSP file includes from ../CommonJSPFragments and calls a bean method
that reads a file in ../CommonDatabase. The taglib reads a file from ../.
Under 3.1 the JSP includes work but the bean reference to CommonDatabase
fails. Under Tomcat 4.0, one of the JSP includes fails.

I could restructure to use a servlet forwarding to JSP pages which would get
rid of the CommonDatabase problem by having the servlet do the read and pass
a session variable. This would leave the taglib reading from ../ problem,
but if the file could be read from the serlet's directory that would be

Anyone out there have a better solution? I'm fairly new to servers and the
context/security of file access under JSP is not well-explained anywhere
I've looked so far.

Marc McDonald
Design Intelligence

View raw message