You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2010/10/26 04:57:04 UTC
DO NOT REPLY [Bug 50153] Remapping the default servlet
https://issues.apache.org/bugzilla/show_bug.cgi?id=50153
--- Comment #1 from Chuck Caldarale <ch...@unisys.com> 2010-10-25 22:56:58 EDT ---
(In reply to comment #0)
> Since I'm using a framework that maps its own servlet to /*, I have to remap
> the default servlet. In Tomcat 7.0.0 this mapping was working:
>
> <servlet-mapping>
> <servlet-name>default</servlet-name>
> <url-pattern>/static/</url-pattern>
> </servlet-mapping>
>
> But it doesn't in Tomcat 7.0.4
Unfortunately, you have been taking advantage (?) of a security hole in the
default servlet that allowed an ill-specified <url-pattern> to serve static
content from arbitrary locations. As noted in the 7.0 changelog, the related
bug report can be found here:
http://issues.apache.org/bugzilla/show_bug.cgi?id=50026
The normal way to correctly implement this is to place the static content under
a known, real location, and configure that in <url-pattern>. Alternatively, a
filter can be used to detect static references and forward them to the
DefaultServlet. One could also use the appropriate suffix notation in the
<url-pattern> to direct requests to the DefaultServlet.
- Chuck
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org