Not only is it not safe, it's not portable.  If your webapp counts on this,
but then is deployed to a machine you don't control, there is a 99.99%
chance that server admin has the Invoker disabled and won't enable it.  Then
what will you do?  Mapping your servlet in web.xml will work all the time,
everywhere.

John

-----Original Message-----
From: Mark Liu [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, January 25, 2003 11:29 PM
To: Tomcat Users List
Subject: RE: A follow-up of my last post


I put the following segment of code in my x509
web.xml:

    <servlet-mapping>
        <servlet-name>invoker</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>

And then it starts to work.  But you said that this is
not safe, right?



--- "Turner, John" <[EMAIL PROTECTED]> wrote:
> 
> That's why it isn't working.
> 
> As I said, the Invoker servlet is disabled by default in recent versions of
> 4.1.x due to security reasons.  It is enabled in the /examples application.
> 
> You can:
> 
> 1) map your servlet(s) in your application's web.xml file and leave the
> Invoker servlet disabled
> 
> OR
> 
> 2) leave your web.xml alone and enable the Invoker servlet.
> 
> If you choose #2, and you're going into production, you should understand
> the security issues before you go live.  If your web application may be
> deployed on a server that you don't control, you should choose #1, since
> that will work all the time.
> 
> John
> 
> -----Original Message-----
> From: Mark Liu [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 25, 2003 12:44 PM
> To: Tomcat Users List
> Subject: RE: A follow-up of my last post
> 
> 
> Virtually, I don't have anything for my /x509 web.xml.
> 
> Here is my /x509 web.xml:
> 
> **** beginning of x509 web.xml *****
> 
> <?xml version="1.0" encoding="ISO-8859-1"?>
> 
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
> 
> <web-app>
>   <display-name>X509 Project</display-name>
>   <description>
>      X509 Public Key Certificate Authentication
>   </description>
> </web-app>
> 
> **** end of x509 web.xml *****
> 
> I remember in earlier versions of Tomcat, any web
> application should work just fine with a primitive
> web.xml like so:
> 
> *** beginning of a primitive web.xml ****
> 
> <?xml version="1.0" encoding="ISO-8859-1"?>
> 
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
> 
> <web-app>
> </web-app>
> 
> *** end of a primitive web.xml ****
> 
> Is the servlet mapping a new Tomcat rule?  Is there
> any way I can have my web application work without
> mapping each servlet?
> 
> Thanks.
> 
> Mark
> 
> --- "Turner, John" <[EMAIL PROTECTED]> wrote:
> > 
> > Do you have a mapping for the servlet(s) in your application's web.xml
> > file?
> > 
> > The Invoker servlet is disabled by default in recent versions of 4.1.x for
> > security reasons, but it is enabled in the /examples web.xml.
> > 
> > John
> > 
> > 
> > -----Original Message-----
> > From: Mark Liu [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, January 25, 2003 3:09 AM
> > To: [EMAIL PROTECTED]
> > Subject: A follow-up of my last post
> > 
> > 
> > Also please note that I have changed Marty Hall's
> > ServletUtilities.java and ShowParameters.java according to my system.
> > 
> > For example, I commented out the package line.
> > 
> > Anyway, as I said in the last post, the servlet works
> > great if I put it under Tomcat's examples application.
> > 
> > It just does not work under my newly-created x509 application.
> > 
> > I don't understand this.
> > 
> > Please kindly help.
> > 
> > Thanks.
> > 
> > Mark.
> > 
=== message truncated ===
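
Added example, not part of the original messages: a small Python check that reports whether a web.xml relies on the Invoker servlet (option 2 in the thread) or maps each servlet explicitly (option 1). The two sample descriptors are constructed from the fragments quoted above; the `/ShowParameters` URL pattern and the function name `audit_web_xml` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the invoker mapping quoted in the thread (option 2).
WITH_INVOKER = """<web-app>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed sample: option 1, one explicit mapping per servlet.
# The /ShowParameters URL pattern is an assumption, not from the thread.
EXPLICIT = """<web-app>
  <servlet>
    <servlet-name>ShowParameters</servlet-name>
    <servlet-class>ShowParameters</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ShowParameters</servlet-name>
    <url-pattern>/ShowParameters</url-pattern>
  </servlet-mapping>
</web-app>"""

# Tomcat declares this class under the name "invoker" in its global conf/web.xml.
INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"

def _local(tag):
    # Drop an XML namespace prefix so newer, namespaced descriptors also work.
    return tag.rsplit("}", 1)[-1]

def _field(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_web_xml(xml_text):
    """Return invoker URL patterns and locally declared servlets with no mapping."""
    root = ET.fromstring(xml_text)
    servlets, mappings = {}, []
    for e in root:
        if _local(e.tag) == "servlet":
            servlets[_field(e, "servlet-name")] = _field(e, "servlet-class")
        elif _local(e.tag) == "servlet-mapping":
            mappings.append((_field(e, "servlet-name"), _field(e, "url-pattern")))
    invoker = [p for n, p in mappings if n == "invoker" or servlets.get(n) == INVOKER_CLASS]
    unmapped = sorted(set(servlets) - {n for n, _ in mappings})
    return {"invoker_patterns": invoker, "unmapped_servlets": unmapped}
```

A non-empty `invoker_patterns` means the application only works where the container has the Invoker enabled; a non-empty `unmapped_servlets` lists servlets that are reachable only through it.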

