Return-Path: 
 <users-return-222615-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 48674 invoked from network); 9 Mar 2011 11:28:50 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 9 Mar 2011 11:28:50 -0000
Received: (qmail 69208 invoked by uid 500); 9 Mar 2011 11:28:47 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 69025 invoked by uid 500); 9 Mar 2011 11:28:47 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 69016 invoked by uid 99); 9 Mar 2011 11:28:46 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Mar 2011 11:28:46 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of phracek2@gmail.com designates
 209.85.216.173 as permitted sender)
Received: from [209.85.216.173] (HELO mail-qy0-f173.google.com)
 (209.85.216.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Mar 2011 11:28:40 +0000
Received: by qyk36 with SMTP id 36so4368257qyk.18
        for <users@tomcat.apache.org>; Wed, 09 Mar 2011 03:28:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type:content-transfer-encoding;
        bh=pVhjSi3EkybX7JO3jyoJZEsuW0vRnMRg+trfSYd9OGE=;
        b=ijFvBvo9YYE1Eftx2AnIsERTtz6g+zU+aB2dAvT6xUEd30fwvRby6hQdUDZgq7ZclS
         cA9EMTz0n0Tw4r63ARWoePRpR7cUaJ1vaqFIkd76ybSU9n0Qio87BEuNl3EDpQ1i1d8l
         Qmm58Xd4MPXkk/iq1JwFZR0UEJetCgMEALcdY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=lnITjhoY40LVqva9l8J7WUjY45EAfr0KVh8maxwKOmgy+T6VONbQLnKED5FWDBI93g
         Dr7dPXFZD+limd3ieYpzuS7o7scDmHdItOdtt1qPEWswfMmBBmFZXWK+HFHO66B8d4r5
         XrhgT+dnGl8FkAtJm91VeyKjq5A3kRTM50oCI=
MIME-Version: 1.0
Received: by 10.224.89.6 with SMTP id c6mr5429974qam.379.1299670099078; Wed,
 09 Mar 2011 03:28:19 -0800 (PST)
Received: by 10.224.67.141 with HTTP; Wed, 9 Mar 2011 03:28:18 -0800 (PST)
In-Reply-To: <4D764286.1080000@ice-sa.com>
References: <AANLkTimpTFYb1x6nzVuGo+1dbgYtocyiZAO01Keqt92M@mail.gmail.com>
	<4D764286.1080000@ice-sa.com>
Date: Wed, 9 Mar 2011 12:28:18 +0100
Message-ID: <AANLkTikVwQrWvu7Ve9dj2_Dg6giRVERoZH0zeRDzDSNt@mail.gmail.com>
Subject: Re: JSP pages are not loaded. Only HTML source code
From: Petr Hracek <phracek2@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

I have changed sources so that the actuall state is following:

Apache things are in directory
/opt/test/htdocs
tomcat things are in directory
/opt/test/servlet

XYtest.xml is now:
<?xml version=3D'1.0' encoding=3D'utf-8'?>
<Context docBase=3D"/opt/test/servlet" allowLinking=3D"true">
</Context>

And jsp are stored in
/opt/test/servlet/jsp/Viewer/View.jsp

Updated HTML file stored in /opt/test/htdocs is:
<frameset rows=3D"63,40,*" frameborder=3D"0">
 <frame src=3D"logo.html" name=3D"logo" noresize scrolling=3D"no"
marginwidth=3D"0" marginheight=3D"
0">
 <frame src=3D"/XYtest/servlet/jsp/Viewer/View.jsp" name=3D"toolbar"
noresize scrolling=3D"no"
marginwidth=3D"0" marginhei
ght=3D"0">
 <frame src=3D"/XYtest/servlet/jsp/Viewer/View2.jsp" name=3D"ctrl">
</frameset>

Apache has been updated accordingly:
ProxyPass /XYtest/servlet ajp://localhost:8009/XYtest/servlet
ProxyPassReverse /XYtest/servlet ajp://localhost:8009/XYtest/servlet

Unfortunatelly it shows me: HTTP 404

message /XYtest/servlet/jsp/Viewer/View.jsp

description The requested resource
(/XYtest/servlet/jsp/Viewer/View.jsp) is not available.

What is wrong?
Other servlets which did not used JSP are working properly.

Thank you in advance
Petr


2011/3/8 Andr=C3=A9 Warnier <aw@ice-sa.com>:
> Petr Hracek wrote:
>>
>> Dear users,
>>
>> I would like to asked you on the some thing regarding JSP pages.
>> On the Linux whereis installed apache 2.2.14 and tomcat 5.5.28
>
> that's an old version of Tomcat. You should be using at least a 6.0.x
> version by now.
>
> =C2=A0I would
>>
>> like to run
>> JSP pages.
>> JSP pages should be run over mod_proxy_ajp.
>> URL is:
>> http://<IP_address>/XYtest/jsp/Viewer/index.html
>> ProxyPass /XYtest/*.jsp ajp://localhost:8009/XYtest
>> ProxyPassReverse /XYtest/*.jsp ajp://localhost:8009/XYtest
>>
>> JSP page is called from HTML (index.html) and FRAME src "view.jsp"
>> mentioned above.
>> but instead of showing JSP page HTML source code is shown.
>>
>> Do you know what could be a reason?
>> in the Catalina configuration directory
>> (/etc/tomcat5/base/Catalina/localhost/XYtest.xml) is following context
>> file
>> test# cat /etc/tomcat/5/base/Catalina/locahost/XYtest.xml
>> <?xml version=3D'1.0' encoding=3D'utf-8'?>
>> <Context docBase=3D"/opt/test/XYtest" allowLinking=3D"true">
>> </Context>
>> test#
>>
>> structure in Linux is:
>> /opt/test/XYtest/jsp/Viewer where are located files index.html and
>> view.jsp which is part of FRAME
>>
>
> As a general observation : it looks like you are trying to serve the same
> directory from Apache httpd and from Tomcat. =C2=A0That is generally a qu=
ite bad
> idea in terms of security, and also in terms of confusion, as you are
> experiencing here.
>
> To understand what is happening, you must look at it from the browser poi=
nt
> of view.
>
> Step 1 :
>
> Your initial html document "index.html" is :
>
> <frameset rows=3D"63,40,*" frameborder=3D"0">
> =C2=A0<frame src=3D"logo.html" name=3D"logo" noresize scrolling=3D"no"
> marginwidth=3D"0" marginheight=3D"
> 0">
> =C2=A0<frame src=3D"View.jsp" name=3D"toolbar" noresize scrolling=3D"no"
> marginwidth=3D"0" marginhei
> ght=3D"0">
> =C2=A0<frame src=3D"View2.jsp" name=3D"ctrl">
> </frameset>
>
> and the browser loads it from the URL :
> http://<IP_address>/XYtest/jsp/Viewer/index.html
>
> Step 2 :
>
> In this document, the browser finds a reference to another document :
>
> <frame src=3D"View.jsp" ..>
>
> The browser interprets that relative URL on the base of the origin of the
> current page, and then it asks the server for that document.
> So the browser requests the document (the inside frame) from the URL :
> http://<IP_address>/XYtest/jsp/Viewer/View.jsp
>
> Step 3 :
> The Apache httpd server receives the request for
>
> http://<IP_address>/XYtest/jsp/Viewer/View.jsp
>
> and it tries to match it with your proxy statement :
>
> ProxyPass /XYtest/*.jsp ajp://localhost:8009/XYtest
>
> It does not match (see below), so Apache httpd serves it itself, directly
> from disk.
> That is why you see the source : Tomcat never sees this request, and Apac=
he
> has no idea that a ".jsp" file is anything else than text.
>
> Now why does it not match ?
> Because the ProxyPass directive does not understand wildcards or regexp.
> For that, you should us "ProxyPassMatch", for example like this :
>
> ProxyPassMatch "/XYtest/.*\.jsp$" ajp://localhost:8009/XYtest
>
> But it is still a bad idea.
> Why ?
>
> Suppose that in the directory /opt/test/XYtest, there is a sub-directory
> named "WEB-INF", and in that directory is a file "web.xml".
> This file is a configuration file for your Tomcat web application, and it
> may contain things like passwords for accessing a database for example.
> For that reason (security), Tomcat /never/ allows a user to request a
> document within the WEB-INF sub-directory of a web application.
>
> But with your setup, anyone can ask for the URL :
> http://<IP_address>/XYtest/WEB-INF/web.xml
>
> and Apache httpd will happily return that file (also as a text file).
> So, with you setup, you are bypassing an important security feature of
> Tomcat, because you are allowing Apache httpd to go "around it".
>
> There are different possibilities to fix your configuration.
> The first one would be to do this in Apache :
>
> ProxyPass /XYtest ajp://localhost:8009/XYtest
>
> and NOT define the directory /opt/test/XYtest in any way in Apache.
> That way, any request for a URL starting will /XYtest will be forwarded
> directly to Tomcat, and Tomcat will happily serve html pages (like
> index.html) as well as Apache.
> And it knows how to handle jsp pages too.
>
> Now, if all you want to do is serve html pages and jsp pages, you could a=
lso
> wonder if you need Apache httpd and mod_prox_ajp at all. You could set
> Tomcat to answer directly on port 80, get rid of Apache httpd, and simpli=
fy
> your configuration.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



--=20
Best Regards / S pozdravem
Petr Hracek

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org