On Fri, 3 May 2002, Christopher K. St. John wrote: > Iv�n Escobedo wrote: > > > > Folks, i have one question, how can i prevent, thru > > apache or tomcat, the access to a servlet, i mean, > > i wrote directly http://www.domain.com/servlet/SomeServlet > > > > You may already know this, but for the benefit of others: > > <mini-rant> > Tomcat has this awful, confusing "feature" that you don't have to > use web.xml to set up servlet mappings. There's an automatic > mapping added so that any url's like this: > "/servlet/this.is.a.class.name" will call your servlet. The > "/servlet" mapping is not in the spec, and it won't work on other > containers. If Microsoft did it, everyone would be screaming about > "embrace and extend". Heh. > </mini-rant> > > Anyway, you can turn it off. In Tomcat 4 there's a default web.xml > file in conf/web.xml. Go in there and comment out the > "InvokerServlet" mapping.
Well, you're right, but in fairness, this behavior -- where you can use "/servlet/" in the URL and call servlets by class name -- has been there since the early early days of servlets. I don't recall whether it was in the spec then, but IIRC, most/all early servlet engines (not servlet containers back then :-) allowed it -- in fact, it was there before you could define servlets and do servlet mapping. So it's a legacy feature, and not one linked to any proprietary systems. And I actually like it, and don't think it's confusing at all :-). As you point out, it can easily be disabled (perhaps that should be the default). Milt Epstein Research Programmer Systems and Technology Services (STS) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
