Hi, A couple of comments, hopefully helpful ;) - You should package your classes. If you don't, it'll look for them in the default package of org.apache.jsp, where they aren't, hence they error ;)
- It would be insecure, and bad style, to not import all and only the classes you need in a given java program (servlet, jsp, whatever). I've seen so many problems arise from setups where people try to make classes in some directory automatically imported. It's really not worth your time and effort to have something (a custom ClassLoader? a watchdog thread?) automatically load any class in WEB-INF/classes into memory. Instead, make it a strict policy that all the files must import precisely what they need. A tool like import scrubber (on sourceforge) can help with this in an automated fashion as well. - What you call "JRun does not have that problem", I call (and have seen exploited!) a serious security risk in JRun. I believe it's fixed now, by the way, and you have to declare classes in precisely in JRun as well. Yoav Shapira Millennium ChemInformatics >-----Original Message----- >From: Mushtaq, Hassan [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, July 31, 2002 6:53 PM >To: 'Tomcat Users List' >Subject: RE: Ttomcat 4.0.4 Configuration > >Thanks for your reply. But in question one, I meant what to do with user >defined classes? The tomcat does not pick user defined classes from >classes >folder, I get an error if i dont import even a class written by me, like >for >example I have a class MyClass, I put it under classes folder, then still I >have to write <%@ page import=MyClass%> to make it work, otherwise it says >that org.apache.jsp.MyClass cannot be found. While I have used JRun server >before, it does not have that problem, it picks from lib folder or classes >folder as well. Thanks. > > >Hassan Mushtaq > UHCL > > > >-----Original Message----- >From: Sullivan, Mark E [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, July 31, 2002 5:34 PM >To: 'Tomcat Users List' >Subject: RE: Ttomcat 4.0.4 Configuration > > > > >> -----Original Message----- >> From: Mushtaq, Hassan [mailto:[EMAIL PROTECTED]] >> Sent: Wednesday, July 31, 2002 5:34 PM >> To: '[EMAIL PROTECTED]' >> Subject: Ttomcat 4.0.4 Configuration >> >> >> Hi, I have two questions: >> >> 1. Can I configure tomcat somehow that if we put some class file in >> WEB-INF/classes folder we do not have to write page import staement? >> whatever in the classes should be visible to jsp page directly. > >the page import statements can be thought of as declaring a namespace. For >example, instead of using > ><%@ page import = "java.util.ArrayList" %> ><% ArrayList al = new ArrayList(); %> > >You could not use the page import and just do > ><% java.util.ArrayList al = new java.util.ArrayList(); %> > >Tomcat really has nothing to do with this, it's just how java works. > > > >> >> 2. How can I configure tomcat in such a was that >> WEB-INF/classes folder >> should be for servlets only and user classes and beans should go to >> WEB-INF/lib folder? When someone puts a class in classes >> folder that is not >> servlet and tries to run it, the tomcat should give 404 (page >> not found) >> error. > >tomcat will throw an internal error (maybe a 404) if someone trys to do >this, unless the class extends HttpServlet ( hence making it a servlet), >because tomcat is looking for that interface on the class. That will keep >non-servlets out of the classes directory. As far as keeping servlets out >of >the lib directory, i don't think there is any way to do that. If you do not >let them change the web.xml file for the webapp, they will not be able to >get at their servlet anyways. This is probably the only way to restrict >something like that. > > > > >> >> Thanks. >> >> Hassan Mushtaq >> Research Assisstant at University of Houston Clearlake >> >> -- >> To unsubscribe, e-mail: >> <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> >> > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> > >-- >To unsubscribe, e-mail: <mailto:tomcat-user- >[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:tomcat-user- >[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
