This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I have seen in the recent application servers, I think those having servlet engines for Servlet 2.3 onwards, you cannot invoke the servlet just by placing it in the classes and then using the url .../servlet/...
Try using servlet-mapping in the web.xml and then reload the web application.
Joined: Mar 08, 2004
Hello Siyaa Hoffman,
Thanks for your help. My application is now running. But I got some doubts here.
servlet-mapping tags in web.xml, links the url typed (which referes servlet) to the appropriate servlet. But I want to set security constraints in such a manner that some of the servlets may be directly referred by a user (by typing appropriate url) but others are not accessible. At the same time in my application, any servlet can refer any other servlet without any constraint. Can you include steps that are tobe embedded in web.xml to accomplish a task like this.
Do NOT use the /servlet/ approach for any serious work. See the JavaRanch FAQ on the Invoker. Have you read the security documentation that is installed with Tomcat? Bill
Joined: Mar 08, 2004
I have used the approach as stated above. Iam able to access servlets pertainging to my chat application but Iam unable to set security constraints in such a manner that no user can invoke a servlet by directly typing the URL corresponding to the servlet and the same time any servlet must be able to access all other servlets. In my application, I have implemented the below approach. But what happens is the corresponding servlet is not invoked by the login.html page once the user is authorized to enter. Contents of web.xml is listed as follows.
<!-- Define servlet mappings for servlets that are included in the this application --> <servlet-mapping> <servlet-name>HelloWorldExample</servlet-name> <url-pattern>/HelloWorldExample</url-pattern> </servlet-mapping>
Here servet by name 'Login' is not accessible even by login.html (which is not desired) and by user - who directly types path of servlet (which is desired). Kindly suggest me the approach that enables all the html files or servlets in my aplication can refer any other servlet. At the same, users must not be able to invoke the servlet just by typing the path pertaining to the servlet.