tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Invoker and Welcome page
Date Wed, 30 Mar 2016 23:21:56 GMT
Federico,

On 3/30/16 5:14 PM, Federico Alvarez wrote:
> I'm using Tomcat 6.0.44 with Invoker Servlet, I know it is a bad
> idea/decision, but by now it is not in my reach to change that.

You are at risk of attack. That may change your stance on what is within
your reach.

> I'm using the ROOT webapp.
> 
> What I need is to have a welcome page (index.htm) in the same
> directory I'm mapping with invoker.
> 
> So, my WEB.XML looks like this:
> 
> <servlet-mapping>
>   <servlet-name>invoker</servlet-name>
>   <url-pattern>/*</url-pattern>
> </servlet-mapping>

Can you enumerate the URLs you need to use the invoker with, and then
only map those using individual <url-pattern>s? If so, then all your
problems will likely go away.

> And my folder structure looks like this:
> 
> Tomcat
>     Webapps
>         ROOT
>           index.htm
>           images
>              *.js, ...
>           WEB-INF
>              Web.xml
>              Classes
>                *.class, ...
> 
> The idea is for a user to enter the URL:
> 
> http://myserver:8080
> 
> And have it [respond with] "index.htm", which will have a redirect to
> http://myserver:8080/loginpage.
> 
> By now http://myserver:8080/loginpage is working, but not the
> welcome page.
> 
> In Tomcat's WEB.XML the welcome page list is correctly defined, and
> removing the invoker mapping makes the welcome page work. Probably
> because it gets [handled] by the default [servlet]?

Correct.

> It seems to me that one folder can only be [handled] by one [servlet],
> and
> that the invoker cannot be used with welcome pages. But maybe I'm wrong
> and there is a workaround.

No, the DefaultServlet handles welcome-files, and the invoker does
something different. By mapping the invoker servlet to "/*", you are
essentially disabling the DefaultServlet.

> If anyone has any idea of how to have this working it will be more
> than welcome.

If you can enumerate every servlet you expect to require the use of the
invoker, then you can simply map them separately like this:

<servlet-mapping>
  <servlet-name>invoker</servlet-name>
  <url-pattern>/com/geocomm/servlet/ServletA</url-pattern>
  <url-pattern>/com/geocomm/servlet/ServletB</url-pattern>
  <url-pattern>/com/geocomm/servlet/ServletC</url-pattern>
  ...
</servlet-mapping>

This will also close the biggest security problem associated with the
invoker servlet.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message