You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Peter Thomas <th...@artisan.de> on 2001/04/11 22:04:30 UTC
were to place config files
Hi,
I have some trouble with a configuration file for my servlet. At first I
placed it in the web-inf directory as tomcat does not serve files from that
directory to the net.
But when I tried to access it with
URL configURL = mServletContext.getResource("/Web-inf/foobar.xml");
I get a null-pointer and tomcat tells me that it is an unsafe path?!?
Then I put the file in another subdirectory and tried to block any access to
it, but failed. Now I could read the file, but everyone else could too... At
the end of this mail is part of my web.xml.
I am using tomcat 3.2.1 on a NT-Server. I suppose there is a quite simple
solution to this, but I could not find it. So thanks a lot for any help.
Regards,
Peter
<security-constraint>
<web-resource-collection>
<web-resource-name>ConfigFiles</web-resource-name>
<url-pattern>/servlet-config/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin</realm-name>
</login-config>
RE: were to place config files
Posted by Peter Thomas <th...@artisan.de>.
Hi,
I got it figured out. It should have been WEB-INF... I am sorry
Regards,
Peter
> -----Original Message-----
> From: Peter Thomas [mailto:thomasp@artisan.de]
> Sent: Wednesday, April 11, 2001 10:05 PM
> To: tomcat-user@jakarta.apache.org
> Subject: were to place config files
>
>
> Hi,
>
> I have some trouble with a configuration file for my servlet.
> At first I
> placed it in the web-inf directory as tomcat does not serve
> files from that
> directory to the net.
> But when I tried to access it with
>
> URL configURL = mServletContext.getResource("/Web-inf/foobar.xml");
>
> I get a null-pointer and tomcat tells me that it is an unsafe path?!?
>
> Then I put the file in another subdirectory and tried to
> block any access to
> it, but failed. Now I could read the file, but everyone else
> could too... At
> the end of this mail is part of my web.xml.
>
> I am using tomcat 3.2.1 on a NT-Server. I suppose there is a
> quite simple
> solution to this, but I could not find it. So thanks a lot
> for any help.
>
> Regards,
> Peter
>
>
>
>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>ConfigFiles</web-resource-name>
> <url-pattern>/servlet-config/*</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> <user-data-constraint>
>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </web-resource-collection>
> </security-constraint>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Admin</realm-name>
> </login-config>
>
>