tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: tomcat /manager not working
Date Wed, 07 Jul 2010 16:21:29 GMT
Konstantin Kolinko wrote:
> 2010/7/7 André Warnier <aw@ice-sa.com>:
>> I have made the change in the Manager's web.xml, restarted Tomcat, and so
>> far all the manager functions and links seem to be working fine.
>> Namely, I have added this mapping at the end of the existing
>> servlet-mappings of the manager webapp's web.xml :
>>
>> existing :
>> ...
>>  <servlet-mapping>
>>    <servlet-name>HTMLManager</servlet-name>
>>    <url-pattern>/html/*</url-pattern>
>>  </servlet-mapping>
>>
>> added:
>>  <servlet-mapping>
>>    <servlet-name>HTMLManager</servlet-name>
>>    <url-pattern>/*</url-pattern>
>>  </servlet-mapping>
>>
>> In my understanding of the URL-mapping rules,
>> - the "/manager" part determines which URLs get mapped to the Manager
>> application
>> - then, after this "/manager" is stripped, for the remainder, the longest
>> matching mapping "wins".
>> So the "/*" mapping above should win only if none of the others does, no ?
>>
>> Am I missing something ?
>>
> 
> 1) The HTMLManager servlet uses the part of URI after "/html" (aka
> request.getPathInfo()) as the command to be executed.
> 
> Having it mapped to two different addresses creates an ambiguity,  and
> well as may bypass security constraints specified in its web.xml
> 
> 2) I think that adding /index.jsp that will respond to the client with
> a 301 redirect to contextPath + "/html" will work,  but I am not sure
> that this feature is actually needed.
> 
> 
I have now tested the above change also with this version :
C:\apache-tomcat-6.0.24\bin>version
Using CATALINA_BASE:   C:\apache-tomcat-6.0.24
Using CATALINA_HOME:   C:\apache-tomcat-6.0.24
Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.24\temp
Using JRE_HOME:        C:\Java6jdk
Using CLASSPATH:       C:\apache-tomcat-6.0.24\bin\bootstrap.jar
Server version: Apache Tomcat/6.0.24
Server built:   January 19 2010 1439
Server number:  6.0.0.0
OS Name:        Windows XP
OS Version:     5.1
Architecture:   x86
JVM Version:    1.6.0_06-b02
JVM Vendor:     Sun Microsystems Inc.
C:\apache-tomcat-6.0.24\bin>

and I also see no doomsday effects.
My earlier notes about how it behaves with a selection of URLs under Tomcat 5.5 seem also

valid for this version 6.0 above.
(Granted, apart from the /manager/images path.  That one is broken. But that should easily

be fixable, no ?).

About remark 1) above :
- as per my understanding, that should still work after the change. Any URL path beginning

with "/manager/html" will still be mapped the same way, and getPathInfo() will still 
return the same answer, no ?
- on the face of it, I see nothing in the manager's web.xml of the Windows distribution of

Tomcat 5.5 or 6.0, that would create a security issue with this.  The whole webapp is 
under the same security constraints, so even just "/manager" will ask for authentication.

As far as I know, I am not making any changes to the logic of the manager application by 
doing this.  All I am doing is making the HTMLManager servlet be the default servlet.
So when a user requests any URL starting with "/manager" and not specifically matching any

of the specific other manager servlets, they will get the HTML manager's starting page.
Is that bad ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message