Ahh, here's something in my catalina.out.
ERROR reading java.io.FileInputStream@67ff4773
At Line 265 /web-app/servlet-mapping/
ERROR reading java.io.FileInputStream@4190770
At Line 265 /web-app/servlet-mapping/
Apache Tomcat is returning 404's for various URLs. This is after I
comment out the invoker servlet in tomcat's web.xml (I don't get the
404's or the errors in my catalina.out with the invoker enabled). The
webapps do have servlets defined... since the manager webapp is widely
distributed I'll go with that one:
<servlet>
<servlet-name>Manager</servlet-name>
<servlet-class>org.apache.catalina.servlets.ManagerServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
</servlet>
<!-- Define the Manager Servlet Mapping -->
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
And here's another example with the mapping done differently:
<servlet>
<servlet-name>JiveServlet</servlet-name>
<servlet-class>com.jivesoftware.forum.util.JiveServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>JiveServlet</servlet-name>
<url-pattern>/servlet/JiveServlet/*</url-pattern>
</servlet-mapping>
I get 404's for both. Is it something about the servlet-mapping entry
in these webapp's web.xml which is throwing me off here?
Thanks again,
Daniel
[EMAIL PROTECTED] wrote:
>See below:
>
>>-----Urspr�ngliche Nachricht-----
>>Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>Gesendet: Freitag, 12. Juli 2002 14:18
>>An: [EMAIL PROTECTED]
>>Betreff: Few questions with XSS vulnerability
>>
>>
>>Since I can't upgrade to the latest beta (trying to stick
>>with RPM's), the suggested workaround is to unmap /servlet/ in
>>tomcat's web.xml. By unmapping that, what changes would I likely
>>need to make in the tomcat or webapps web.xml to avoid 404 errors
>>
>
>As I understand it, it's enough to disable the generic invoker servlet.
>(That mean that you have to define all your servlets explicitly if
>that's not already the case)
>
>>Would I need to do this for each .jsp in that webapp?
>>
>
>No, you don't need the invoker servlet to run jsp's.
>(The jsp servlet is defined explicitly per default)
>
>>Beyond that, am I also likely to need to add an entry
>>WEB-INF/web.xml for each .jar in its WEB-INF/lib? What
>>would these entries be if any?
>>
>
>When tomcat starts it includes automatically all jar files
>in the lib directories into the classpath.
>
>--
>To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
