[jira] Commented: (GERONIMO-479) Root of WebApp Displays WEB-INF and META-INF Directories
[ http://issues.apache.org/jira/browse/GERONIMO-479?page=comments#action_12330408 ] David Jencks commented on GERONIMO-479: --- I don't really see the point in working hard to disable directory listings. People should use welcome files :-). In any case please close this whether or not you open a longer term issue. Root of WebApp Displays WEB-INF and META-INF Directories Key: GERONIMO-479 URL: http://issues.apache.org/jira/browse/GERONIMO-479 Project: Geronimo Type: Bug Components: web Versions: 1.0-M3 Environment: WinXP, JDK 1.4.2 Reporter: Seth Ladd Priority: Critical Fix For: 1.0-M5 Attachments: listBug.ear I deployed a simple webapp containing nothing more than a web.xml. There is no welcome.jsp configured or provided. The deploy was OK, but when I browse to http://localhost:8080/testbed I see a directory listing, with the directories WEB-INF and META-INF listed. This, itself, should not happen. When clicking on WEB-INF, I generate a StackOverflow. I would expect a nice Forbidden message, or even a 404 (or whatever the Servlet spec says). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-479) Root of WebApp Displays WEB-INF and META-INF Directories
[ http://issues.apache.org/jira/browse/GERONIMO-479?page=comments#action_12330106 ] Kevan Miller commented on GERONIMO-479: --- I just verified that HEAD is behaving as Petr previously described. I also had a look at the Servlet Spec. Section SRV.9.10 Welcome Files seems to cover this scenario. It states that if a welcome file is not found, the container can do what it wants. Returning a 404 or a directory listing are options listed as things that a container might want to do. So, Jetty is perfectly within its rights... So, I say close this one out... Root of WebApp Displays WEB-INF and META-INF Directories Key: GERONIMO-479 URL: http://issues.apache.org/jira/browse/GERONIMO-479 Project: Geronimo Type: Bug Components: web Versions: 1.0-M3 Environment: WinXP, JDK 1.4.2 Reporter: Seth Ladd Priority: Critical Fix For: 1.0-M5 Attachments: listBug.ear I deployed a simple webapp containing nothing more than a web.xml. There is no welcome.jsp configured or provided. The deploy was OK, but when I browse to http://localhost:8080/testbed I see a directory listing, with the directories WEB-INF and META-INF listed. This, itself, should not happen. When clicking on WEB-INF, I generate a StackOverflow. I would expect a nice Forbidden message, or even a 404 (or whatever the Servlet spec says). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-479) Root of WebApp Displays WEB-INF and META-INF Directories
[ http://issues.apache.org/jira/browse/GERONIMO-479?page=comments#action_12330111 ] Aaron Mulder commented on GERONIMO-479: --- It would be nice to offer a configuration option to disable directory listings. If no one objects I'll close this issue and enter a longer-term issue for that. Root of WebApp Displays WEB-INF and META-INF Directories Key: GERONIMO-479 URL: http://issues.apache.org/jira/browse/GERONIMO-479 Project: Geronimo Type: Bug Components: web Versions: 1.0-M3 Environment: WinXP, JDK 1.4.2 Reporter: Seth Ladd Priority: Critical Fix For: 1.0-M5 Attachments: listBug.ear I deployed a simple webapp containing nothing more than a web.xml. There is no welcome.jsp configured or provided. The deploy was OK, but when I browse to http://localhost:8080/testbed I see a directory listing, with the directories WEB-INF and META-INF listed. This, itself, should not happen. When clicking on WEB-INF, I generate a StackOverflow. I would expect a nice Forbidden message, or even a 404 (or whatever the Servlet spec says). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-479) Root of WebApp Displays WEB-INF and META-INF Directories
[ http://issues.apache.org/jira/browse/GERONIMO-479?page=comments#action_58966 ] Petr Sickboy Hejl commented on GERONIMO-479: I tested this bug today with GERONIMO-569 (StackOverflow) patch by Greg Wilkins. Summary is: 1) when no welcome file is specified, server list out the content of app root directory (and I'm not sure if this is incorrect..., someone who knows the specification could help?) 2) if user tries to access the WEB-INF or META-INF directory 404 is returned (so it is nice and correct, isn't it?) If the behaviour described in item 1) is correct, this issue should be closed. I attach my test webapp ;) Root of WebApp Displays WEB-INF and META-INF Directories Key: GERONIMO-479 URL: http://issues.apache.org/jira/browse/GERONIMO-479 Project: Apache Geronimo Type: Bug Components: web Versions: 1.0-M3 Environment: WinXP, JDK 1.4.2 Reporter: Seth Ladd I deployed a simple webapp containing nothing more than a web.xml. There is no welcome.jsp configured or provided. The deploy was OK, but when I browse to http://localhost:8080/testbed I see a directory listing, with the directories WEB-INF and META-INF listed. This, itself, should not happen. When clicking on WEB-INF, I generate a StackOverflow. I would expect a nice Forbidden message, or even a 404 (or whatever the Servlet spec says). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-479) Root of WebApp Displays WEB-INF and META-INF Directories
[ http://issues.apache.org/jira/browse/GERONIMO-479?page=comments#action_58616 ] Petr Sickboy Hejl commented on GERONIMO-479: Stack overflow could has the same reason as in http://issues.apache.org/jira/browse/GERONIMO-395 (comment and patch). Root of WebApp Displays WEB-INF and META-INF Directories Key: GERONIMO-479 URL: http://issues.apache.org/jira/browse/GERONIMO-479 Project: Apache Geronimo Type: Bug Components: web Versions: 1.0-M3 Environment: WinXP, JDK 1.4.2 Reporter: Seth Ladd I deployed a simple webapp containing nothing more than a web.xml. There is no welcome.jsp configured or provided. The deploy was OK, but when I browse to http://localhost:8080/testbed I see a directory listing, with the directories WEB-INF and META-INF listed. This, itself, should not happen. When clicking on WEB-INF, I generate a StackOverflow. I would expect a nice Forbidden message, or even a 404 (or whatever the Servlet spec says). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira