You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Peter Thomas <th...@artisan.de> on 2001/04/11 22:04:30 UTC

were to place config files

Hi,

I have some trouble with a configuration file for my servlet. At first I
placed it in the web-inf directory as tomcat does not serve files from that
directory to the net.
But when I tried to access it with

URL configURL = mServletContext.getResource("/Web-inf/foobar.xml");

I get a null-pointer and tomcat tells me that it is an unsafe path?!?

Then I put the file in another subdirectory and tried to block any access to
it, but failed. Now I could read the file, but everyone else could too... At
the end of this mail is part of my web.xml.

I am using tomcat 3.2.1 on a NT-Server. I suppose there is a quite simple
solution to this, but I could not find it. So thanks a lot for any help.

Regards,
Peter





    <security-constraint>
        <web-resource-collection>
            <web-resource-name>ConfigFiles</web-resource-name>
            <url-pattern>/servlet-config/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
            <auth-constraint>
                <role-name>admin</role-name>
            </auth-constraint>
        </web-resource-collection>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Admin</realm-name>
    </login-config>

RE: were to place config files

Posted by Peter Thomas <th...@artisan.de>.

Hi,

I got it figured out. It should have been WEB-INF... I am sorry

Regards,
Peter

> -----Original Message-----
> From: Peter Thomas [mailto:thomasp@artisan.de]
> Sent: Wednesday, April 11, 2001 10:05 PM
> To: tomcat-user@jakarta.apache.org
> Subject: were to place config files
> 
> 
> Hi,
> 
> I have some trouble with a configuration file for my servlet. 
> At first I
> placed it in the web-inf directory as tomcat does not serve 
> files from that
> directory to the net.
> But when I tried to access it with
> 
> URL configURL = mServletContext.getResource("/Web-inf/foobar.xml");
> 
> I get a null-pointer and tomcat tells me that it is an unsafe path?!?
> 
> Then I put the file in another subdirectory and tried to 
> block any access to
> it, but failed. Now I could read the file, but everyone else 
> could too... At
> the end of this mail is part of my web.xml.
> 
> I am using tomcat 3.2.1 on a NT-Server. I suppose there is a 
> quite simple
> solution to this, but I could not find it. So thanks a lot 
> for any help.
> 
> Regards,
> Peter
> 
> 
> 
> 
> 
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>ConfigFiles</web-resource-name>
>             <url-pattern>/servlet-config/*</url-pattern>
>             <http-method>DELETE</http-method>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>             <http-method>PUT</http-method>
>             <user-data-constraint>
>                 
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>             </user-data-constraint>
>             <auth-constraint>
>                 <role-name>admin</role-name>
>             </auth-constraint>
>         </web-resource-collection>
>     </security-constraint>
> 
>     <login-config>
>         <auth-method>BASIC</auth-method>
>         <realm-name>Admin</realm-name>
>     </login-config>
> 
>