Hi Larry, as someone who has only been using tomcat (apart from the deploy tool) since August and who has had to greatly improve my Java skills since the same time...
I suggest the best way to learn is to get your hands dirty, so to speak. Thoroughly read the provided Tomcat docs including any ReadMe files you can get your hands on. Get you hands on any example server.xml files that you can (there'll probably be some in your books and on the web). As for Java, find some good books to teach you Java and JSPs. I found Java a very steep learning curve at first. I have also found the following Java site very useful (and the book that goes with it): http://javagently.cs.up.ac.za/ and these pages: http://java.sun.com/j2se/1.3/docs/api/ I expect you'll find all the pages quoted by Nathan as being useful also. I've found the best way is to dive in and use them, preferably install Suns Java compiler and Tomcat onto a system somewhere where they can't do major harm if they go wrong (ie. not a server that's already in use!) and just have a go. I've had to do a lot of it on an up and running server but I don't advise this!! Anyway those are just some thoughts and suggestions that may or may not work for you. Hope it helps. Adam. On Tue, 2004-05-11 at 15:16, lrnobs wrote: > Nathan, > > I am a newbie to Java and Tomcat, and I did spend two days with two Tomcat > books I bought and Google trying to find some instructions I could > understand before posting a question to this list. Please let me know if > there is a list more appropriate for new users. > > Thanks, > > Larry Nobs > > > ----- Original Message ----- > From: "Nathan Maves" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Tuesday, May 11, 2004 8:56 AM > Subject: Re: Filter on url example - Filter out hack attempts > > > > First of this is not a Tomcat question. This type of information is > > always available at http://java.sun.com or http://forum.java.sun.com/ > > > > To answer your question....Yes. in-fact you can place the class where > > ever you want as long as it is in your classpath. Of course you will > > also have to change the <filter-class> attribute accordingly. > > > > Nathan > > On May 11, 2004, at 7:42 AM, lrnobs wrote: > > > > > Yoav, > > > > > > So from what I know so far my > > > /usr/local/tomcat/webapps/myapplication/WEB-INF/web.xml should look > > > like the > > > following: > > > > > > <web-app> > > > <filter> > > > <filter-name>UrlFilter</filter-name> > > > <filter-class>UrlFilter</filter-class> *Don't know how this should > > > layout.* > > > </filter> > > > > > > <filter-mapping> > > > <filter-name>UrlFilter</filter-name> > > > <url-pattern>/*</url-pattern> > > > </filter-mapping> > > > > > > <welcome-file-list> > > > <welcome-file>index.jsp</welcome-file> > > > <welcome-file>index.html</welcome-file> > > > </welcome-file-list> > > > </web-app> > > > > > > > > > Do I then create > > > /usr/local/tomcat/webapps/myapplication/WEB-INF/classes/URLFilter.java? > > > > > > > > > public class UrlFilter implements Filter { > > > ... > > > public void doFilter(...) { > > > if(req instance of HttpServletRequest) { > > > HttpServletRequest hreq = (HttpServletRequest) req; > > > String uri = hreq.getRequestURI(); > > > if(allow(uri)){ > > > chain.doFilter(req, res); > > > } else { > > > ...........Send to Null > > > // Do whatever: error page, redirect, etc. > > > } > > > } else { > > > // Non-HTTP requests > > > chain.doFilter(req, res); > > > } > > > } > > > > > > private boolean allow(String uri) { > > > // Look up allowed urls in a DB, Collection, whatever > > > > > > SubstringTest = False; > > > SubstringTest = string.indexOf("GET / HTTP/1.1") > 0; > > > if(SubstringTest = True) return True; > > > Do the same for the rest > > > //GET / HTTP/1.0 //page1.jsp //page2.jsp //page3.jsp > > > //page4.jsp //page5.jsp //graphic1.gif //graphic2.gif > > > } } > > > > > > Thanks, > > > > > > Larry Nobs > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > >> Hi, > > >> This is a trivial filter: > > >> public class URLFilter implements Filter { > > >> ... > > >> public void doFilter(...) { > > >> if(req instance of HttpServletRequest) { > > >> HttpServletRequest hreq = (HttpServletRequest) req; > > >> String uri = hreq.getRequestURI(); > > >> if(allow(uri)){ > > >> chain.doFilter(req, res); > > >> } else { > > >> // Do whatever: error page, redirect, etc. > > >> } > > >> } else { > > >> // Non-HTTP requests > > >> chain.doFilter(req, res); > > >> } > > >> } > > >> > > >> private boolean allow(String uri) { > > >> // Look up allowed urls in a DB, Collection, whatever > > >> } > > >> } > > >> > > >> I omitted full prototype declarations above due to laziness. It's the > > >> javax.servlet.Filter interface. > > >> > > >> Take a look at the balancer webapp that ships with tomcat 5. The > > >> URLStringMatchRule is pretty close to what you want, and can be easily > > >> extended with a list of allow patterns and/or deny patterns. Tomcat > > >> has > > >> something similar as the base Valve for the RemoteAddr/RemoteHost > > >> valves. > > >> > > >> Yoav Shapira > > >> Millennium Research Informatics > > >> > > >> > > >>> -----Original Message----- > > >>> From: lrnobs [mailto:[EMAIL PROTECTED] > > >>> Sent: Saturday, May 08, 2004 9:11 PM > > >>> To: Tomcat Users List > > >>> Subject: Filter on url example - Filter out hack attempts > > >>> > > >>> I have had no luck Googling so far for an example on how to filter > > >> based on > > >>> urls. > > >>> > > >>> I thought I might put this in the AccessLogValve but will do whatever > > >>> works. > > >>> > > >>> I have a limited number of jsp's and graphics on my site and would > > >>> like > > >> to > > >>> filter out all of the hack attempts that fill up my logs. > > >>> > > >>> I would like to do something like this (in plain english) > > >>> > > >>> Accept > > >>> GET / HTTP/1.1 > > >>> GET / HTTP/1.0 > > >>> *page1.jsp* > > >>> *page2.jsp* > > >>> *page3.jsp* > > >>> *page4.jsp* > > >>> *page5.jsp* > > >>> *graphic1.gif* > > >>> *graphic2.gif* > > >>> > > >>> Drop All Other Requests - they are just hack attempts > > >>> > > >>> Thanks, > > >>> > > >>> Larry Nobs > > >>> > > >>> > > >>> > > >>> --------------------------------------------------------------------- > > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > >> > > >> > > >> This e-mail, including any attachments, is a confidential business > > > communication, and may contain information that is confidential, > > > proprietary > > > and/or privileged. This e-mail is intended only for the individual(s) > > > to > > > whom it is addressed, and may not be saved, copied, printed, disclosed > > > or > > > used by anyone else. If you are not the(an) intended recipient, please > > > immediately delete this e-mail from your computer system and notify the > > > sender. Thank you. > > >> > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > >> > > >> > > >> > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
