tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: JSP pages are not loaded. Only HTML source code
Date Wed, 09 Mar 2011 13:04:21 GMT
Quickly, because I have to get a train..

I think that this :

<Context docBase="/opt/test/servlet" allowLinking="true">

togethet with this :

<frame src="/XYtest/servlet/jsp/Viewer/View.jsp"

  is wrong. You have a "servlet" too many there.
In other words,

"/XYtest/" already points to "/opt/test/servlet".
If you say "/XYtest/servlet/x", you are pointing to "/opt/test/servlet/servlet/x", no ?







Petr Hracek wrote:
> I have changed sources so that the actuall state is following:
> 
> Apache things are in directory
> /opt/test/htdocs
> tomcat things are in directory
> /opt/test/servlet
> 
> XYtest.xml is now:
> <?xml version='1.0' encoding='utf-8'?>
> <Context docBase="/opt/test/servlet" allowLinking="true">
> </Context>
> 
> And jsp are stored in
> /opt/test/servlet/jsp/Viewer/View.jsp
> 
> Updated HTML file stored in /opt/test/htdocs is:
> <frameset rows="63,40,*" frameborder="0">
>  <frame src="logo.html" name="logo" noresize scrolling="no"
> marginwidth="0" marginheight="
> 0">
>  <frame src="/XYtest/servlet/jsp/Viewer/View.jsp" name="toolbar"
> noresize scrolling="no"
> marginwidth="0" marginhei
> ght="0">
>  <frame src="/XYtest/servlet/jsp/Viewer/View2.jsp" name="ctrl">
> </frameset>
> 
> Apache has been updated accordingly:
> ProxyPass /XYtest/servlet ajp://localhost:8009/XYtest/servlet
> ProxyPassReverse /XYtest/servlet ajp://localhost:8009/XYtest/servlet
> 
> Unfortunatelly it shows me: HTTP 404
> 
> message /XYtest/servlet/jsp/Viewer/View.jsp
> 
> description The requested resource
> (/XYtest/servlet/jsp/Viewer/View.jsp) is not available.
> 
> What is wrong?
> Other servlets which did not used JSP are working properly.
> 
> Thank you in advance
> Petr
> 
> 
> 2011/3/8 André Warnier <aw@ice-sa.com>:
>> Petr Hracek wrote:
>>> Dear users,
>>>
>>> I would like to asked you on the some thing regarding JSP pages.
>>> On the Linux whereis installed apache 2.2.14 and tomcat 5.5.28
>> that's an old version of Tomcat. You should be using at least a 6.0.x
>> version by now.
>>
>>  I would
>>> like to run
>>> JSP pages.
>>> JSP pages should be run over mod_proxy_ajp.
>>> URL is:
>>> http://<IP_address>/XYtest/jsp/Viewer/index.html
>>> ProxyPass /XYtest/*.jsp ajp://localhost:8009/XYtest
>>> ProxyPassReverse /XYtest/*.jsp ajp://localhost:8009/XYtest
>>>
>>> JSP page is called from HTML (index.html) and FRAME src "view.jsp"
>>> mentioned above.
>>> but instead of showing JSP page HTML source code is shown.
>>>
>>> Do you know what could be a reason?
>>> in the Catalina configuration directory
>>> (/etc/tomcat5/base/Catalina/localhost/XYtest.xml) is following context
>>> file
>>> test# cat /etc/tomcat/5/base/Catalina/locahost/XYtest.xml
>>> <?xml version='1.0' encoding='utf-8'?>
>>> <Context docBase="/opt/test/XYtest" allowLinking="true">
>>> </Context>
>>> test#
>>>
>>> structure in Linux is:
>>> /opt/test/XYtest/jsp/Viewer where are located files index.html and
>>> view.jsp which is part of FRAME
>>>
>> As a general observation : it looks like you are trying to serve the same
>> directory from Apache httpd and from Tomcat.  That is generally a quite bad
>> idea in terms of security, and also in terms of confusion, as you are
>> experiencing here.
>>
>> To understand what is happening, you must look at it from the browser point
>> of view.
>>
>> Step 1 :
>>
>> Your initial html document "index.html" is :
>>
>> <frameset rows="63,40,*" frameborder="0">
>>  <frame src="logo.html" name="logo" noresize scrolling="no"
>> marginwidth="0" marginheight="
>> 0">
>>  <frame src="View.jsp" name="toolbar" noresize scrolling="no"
>> marginwidth="0" marginhei
>> ght="0">
>>  <frame src="View2.jsp" name="ctrl">
>> </frameset>
>>
>> and the browser loads it from the URL :
>> http://<IP_address>/XYtest/jsp/Viewer/index.html
>>
>> Step 2 :
>>
>> In this document, the browser finds a reference to another document :
>>
>> <frame src="View.jsp" ..>
>>
>> The browser interprets that relative URL on the base of the origin of the
>> current page, and then it asks the server for that document.
>> So the browser requests the document (the inside frame) from the URL :
>> http://<IP_address>/XYtest/jsp/Viewer/View.jsp
>>
>> Step 3 :
>> The Apache httpd server receives the request for
>>
>> http://<IP_address>/XYtest/jsp/Viewer/View.jsp
>>
>> and it tries to match it with your proxy statement :
>>
>> ProxyPass /XYtest/*.jsp ajp://localhost:8009/XYtest
>>
>> It does not match (see below), so Apache httpd serves it itself, directly
>> from disk.
>> That is why you see the source : Tomcat never sees this request, and Apache
>> has no idea that a ".jsp" file is anything else than text.
>>
>> Now why does it not match ?
>> Because the ProxyPass directive does not understand wildcards or regexp.
>> For that, you should us "ProxyPassMatch", for example like this :
>>
>> ProxyPassMatch "/XYtest/.*\.jsp$" ajp://localhost:8009/XYtest
>>
>> But it is still a bad idea.
>> Why ?
>>
>> Suppose that in the directory /opt/test/XYtest, there is a sub-directory
>> named "WEB-INF", and in that directory is a file "web.xml".
>> This file is a configuration file for your Tomcat web application, and it
>> may contain things like passwords for accessing a database for example.
>> For that reason (security), Tomcat /never/ allows a user to request a
>> document within the WEB-INF sub-directory of a web application.
>>
>> But with your setup, anyone can ask for the URL :
>> http://<IP_address>/XYtest/WEB-INF/web.xml
>>
>> and Apache httpd will happily return that file (also as a text file).
>> So, with you setup, you are bypassing an important security feature of
>> Tomcat, because you are allowing Apache httpd to go "around it".
>>
>> There are different possibilities to fix your configuration.
>> The first one would be to do this in Apache :
>>
>> ProxyPass /XYtest ajp://localhost:8009/XYtest
>>
>> and NOT define the directory /opt/test/XYtest in any way in Apache.
>> That way, any request for a URL starting will /XYtest will be forwarded
>> directly to Tomcat, and Tomcat will happily serve html pages (like
>> index.html) as well as Apache.
>> And it knows how to handle jsp pages too.
>>
>> Now, if all you want to do is serve html pages and jsp pages, you could also
>> wonder if you need Apache httpd and mod_prox_ajp at all. You could set
>> Tomcat to answer directly on port 80, get rid of Apache httpd, and simplify
>> your configuration.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message