Philip Weaver wrote:
>
> Hello -
>
> I'm trying to create servlet mappings for a servlet that I'd like to exist
> at the TOP LEVEL of my webapp in Tomcat. You'd think that this task wouldn't
> be a pain in the rear but I'm finding it to be so. If you know how to
> configure web.xml and a servlet to handle this, please help. I'm about to
> scream at the walls.
>
> The entire goal that I'm pursuing is to provide login security for my web
> app.
>
> I know how to create servlet mappings in web.xml and I basically know how to
> use RequestDispatcher. However, I'm running into either of these two
> problems.
>
> A. I end up with an entry servlet that is recursively called whenever I
> call RequestDispatch.forward() based on the following web.xml setup. I
> understand why this occurs, but how do I get around this and still have all
> requests be handled by the entry mapping.
>
> <servlet>
> <servlet-name>entry</servlet-name>
> <servlet-class>EntryServlet</servlet-class>
> </servlet>
> <servlet-mapping>
> <servlet-name>entry</servlet-name>
> <url-pattern>/*</url-pattern>
> </servlet-mapping>
Yes, this is a real bitch in Servlet 2.2. The best you can do is use
different URI patterns: one for all links in your applications that
maps to the authentication servlet, and another that maps to your
real servlets (and/or JSP pages). For instance, use this for mapping for
your EntryServlet:
<servlet-mapping>
<servlet-name>entry</servlet-name>
<url-pattern>/protected</url-pattern>
</servlet-mapping>
and something like this for all your real servlets:
<servlet-mapping>
<servlet-name>myRealServlet</servlet-name>
<url-pattern>/real/myRealServlet</url-pattern>
</servlet-mapping>
Now a request for /protected/myRealServlet is handled by your entry
servlet, and the entry servlet can use the RD to forward to
/real/myRealServlet.
To prevent your real servlets to be accessed directly, define a
security constraint for "/real" so that they only can be accessed
by a role that is not assigned to anybody. Access through the RD is
not subject to access control, so your servlet can still forward
to the real servlets.
I know, this is not what you wanted. But it's all you can get in Servlet 2.2
if you stick to the standard API.
The solution you're looking for is provided by filters in Servlet 2.3. They
were added for exactly this purpose (plus a lot of similar scenarios). You
can read about filters in Jason Hunter's JavaWorld articles:
<http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html>
<http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html>
> B. The other problem I encounter is that sometimes when I request a
> page, is that page is not found (404). I'm begining to think that it's
> because the forward() method is relative to the requested URI which is
> actually a freaking filename (?). Right? This is driving me nuts.
I'm not sure I follow. The ServletContext.getRequestDispatcher() method
takes a context-relative path (starting with a slash) so it's not relative
to the request URI at all. The ServletRequest.getRequestDispatcher()
method takes a path that is relative to the current request URI. But in
neither case is there a file name involved; only URIs.
> Can anyone point me to an example of a working setup that handles all
> requests sent to the entire webapp (root level)? I had this working before
> in Resin but can't get that same setup to work in Tomcat.
I hope this helped.
Hans
--
Hans Bergsten [EMAIL PROTECTED]
Gefion Software http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
