You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by anil <an...@awcoldstream.com> on 2000/10/11 21:19:56 UTC

Tomcat 4.0 Milestone 2 + Cocoon-1.8

Hi All,

I am trying to run Tomcat.4.0M2 and cocoon and on the XSL page I get
error like this. The way I understand is that XSL creates java file and
when it goes compile that java file, it does not have the cocoon class
path. The user that runs tomcat have cocoon on his class path. Every
other cocoon examples work. Like xml file and style sheet works ok. How
do I get over with this java file compile issue. On the cocoon context
(that is where all the xml files sitting) has compile class on
WEB-INF/classes folder.

Thanks
Anil

note: To compile cocoon-1.8 with servlet 2.3 you have to add three dummy
methods to or/apache/cocoon/EngineWrapper.java

java.lang.Exception: XSP Java Compiler: Compilation failed for
_page.java
      12: Package org.apache.cocoon.parser not found in import.
          import org.apache.cocoon.parser.*;
                 ^
      13: Package org.apache.cocoon.producer not found in import.
          import org.apache.cocoon.producer.*;
                 ^
      14: Package org.apache.cocoon.framework not found in import.
          import org.apache.cocoon.framework.*;
                 ^
      16: Package org.apache.cocoon.processor.xsp not found in import.
          import org.apache.cocoon.processor.xsp.*;
                 ^
      17: Package org.apache.cocoon.processor.xsp.library not found in
import.
          import org.apache.cocoon.processor.xsp.library.*;
                 ^
      22: Superclass
_usr._local._jakarta._build._tomcat_4_0._webapps._cocoon._servlets._xsp.XSPPage
of class
_usr._local._jakarta._build._tomcat_4_0._webapps._cocoon._servlets._xsp._page
not found.
          public class _page extends XSPPage {
                                     ^

Re: JSP security article

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

William Brogden wrote:

> Here is an interesting article on server security:
> http://www.builder.com/Servers/SecurityIssues/100400/?tag=st.bl.3880.linksgp
>
> Tomcat is not mentioned - I wonder if it is vulnerable to these
> exploits?
>

When the original Foundstone report came out about this bug (several
months
ago), Tomcat was corrected.  I believe that was prior to 3.1 final, but
I'm not
positive -- I know that it has been corrected in 3.2 and 4.0.

Note that this vulnerability will only occur on a server platform that
does
*not* use case sensitive filenames.  On a Linux box, for example, asking
for
"date.JSP" when the real file is "date.jsp" will simply return "file not
found".

>
> --
> WBB - wbrogden@bga.com  Chief Scientist, LANWrights, Inc.
> Java Programmer Certification information and mock exam
> at  http://www.lanw.com/java/javacert/

Craig McClanahan

====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

JSP security article

Posted by William Brogden <wb...@bga.com>.

Here is an interesting article on server security:
http://www.builder.com/Servers/SecurityIssues/100400/?tag=st.bl.3880.linksgp

Tomcat is not mentioned - I wonder if it is vulnerable to these
exploits?

-- 
WBB - wbrogden@bga.com  Chief Scientist, LANWrights, Inc.
Java Programmer Certification information and mock exam
at  http://www.lanw.com/java/javacert/