Rapha�l Luta wrote:
>
> burtonator wrote:
> >
> > Scott Fraser wrote:
> > <snip>
> > > However it appears in JetspeedDiskCache.java, at line 210, that if the
> > > URL appears to belong to the current server, a file URL is substituted
> > > using JetspeedDiskCache.getLocalWebURL().
> > >
> > > So I guess our question is "why does it work like this", and what (if
> > > anything) would be recommended for someone in our situation. For
> > > instance, we may have servlets running under tomcat on the same host,
> > > and we would want to hit them directly to fetch some XML. Is there a
> > > better way to deal with this? By bypassing the FileServer/DiskCache
> > > stuff are we creating problems for ourselves?
> >
> > Oh... yes. This is something I didn't consider (am I am moron or what?
> > :)...
> >
> > This was done for performance reasons. It is much cheaper to fetch this
> > URL from the filesystem instead of the HTTP server. There needs to be
> > some detection code here.
> >
> > - if file exists
> > - use local file
> > - if file does not exist
> > - assume URL is some type of CGI/dynamic content.
> > - if url does not exist allow the webserver to report an error.
> >
> > I would be +1 for a patch to this. I will put this in TODO as a bug.
> >
>
> That's wrong too Kevin.
> We should *never* try to bypass the server even when it's localhost. Why ?
Not totally. I have known this was a problem for a while. I was
waiting for someone to bring this up :)
> Imagine the file is a jsp, cfm, php,... If you don't use the URL, these won't
> be used correctly.
We need a regular expression entry within JetspeedResources.properties
http.server.dynamic.content=*.jsp
http.server.dynamic.content=*.cfm
http.server.dynamic.content=*/servlet/*
This way we can say that if these URLs are dynamic not to read them from
the filesystem.
I would be +1 for seeing an impl. It really wouldn't be that hard.
Just to be on the safe side I will put this into TODO.
> Let's assume that the administrator knows what he wants, if he uses an http URL,
> use HTTP. If he usesa file URL, access directly to the file.
>
> Note: this was disabled for security reasons. I don't think it's relevant because
> URLs can only happen in the registry which should be maintained by an administrator.
--
Kevin A Burton (e-mail: [EMAIL PROTECTED], UIN: 73488596, ZKey:
burtonator)
http://relativity.yi.org
Message to SUN: "Please Open Source Java!"
To fight and conquer in all your battles is not supreme excellence;
supreme
excellence consists in breaking the enemy's resistance without fighting.
- Sun Tzu, 300 B.C.
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
