You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Nicholas Waltham <in...@nwaltham.com> on 2001/10/11 06:13:39 UTC

Re: Problem with JSP Pages 

Hello Marc,
  Thank you very much for your message and suggestion. Unfortunately one of
our users requirements is that that the URLs not be case sensitive. However
you
mention this might cause security problems, could you point me to any
resources
which detail information about this security problem, or if you have a
moment
just outline what this problem involves? This could be useful when
suggesting a change
to the user requirements.

Thanks in advance,
Nicholas Waltham


----- Original Message -----
From: "Marc Saegesser" <ma...@apropos.com>
To: <to...@jakarta.apache.org>
Sent: Thursday, October 11, 2001 12:05 AM
Subject: RE: Problem with JSP Pages


> Switch to a later version of Tomcat.  As of 3.2 all URLs are case
sensitive
> (to avoid security problems on non-case sensitive operating systems) so
you
> can't get into this situation.
>
>
> Marc Saegesser
>
> > -----Original Message-----
> > From: Nicholas Waltham [mailto:info@nwaltham.com]
> > Sent: Wednesday, October 10, 2001 12:24 PM
> > To: tomcat-dev@jakarta.apache.org
> > Cc: tomcat-user@jakarta.apache.org
> > Subject: Problem with JSP Pages
> >
> >
> > We are running IIS 4.0 on NT with the isapi_redir.dll
> >
> > Servlet-Engine:Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.2.2;
> > Windows
> > NT 4.0 x86; java.vendor=Sun Microsystems Inc.)
> >
> >
> > We found out that the problem is in the way Tomcat handles requests and
> > creates precompiled files for jsp.
> >
> > As we already notice, the following works
> > http://localhost/ag/AGL/aglw/Aquastatweb/dbase/html/dbase1.jsp
> > And the following does not
> > http://localhost/ag/AGL/aglw/aquastatweb/dbase/html/dbase1.jsp
> > Please note the lowercase "a" in the second URL.
> >
> > I then copied dbase1.jsp to dbase3.jsp and called it (the first time)
> > using the following URL
> > http://localhost/ag/AGL/aglw/aquastatweb/dbase/html/dbase3.jsp
> > And it works.
> > Then, trying with
> > http://localhost/ag/AGL/aglw/Aquastatweb/dbase/html/dbase3.jsp it does
> > not.
> >
> > This means that Tomcat creates the precompiled files when it gets the
> > first request and fixes the case.
> >
> > Infact under d:\Tomcat\work\localhost_8080%2Fag we can find the files
for
> > both pages that are
> >
> > _0002fAGL_0002faglw_0002fAquastatweb_0002fdbase_0002fhtml_0002fdbase_000
> > 31_0002ejspdbase1.class
> > _0002fAGL_0002faglw_0002faquastatweb_0002fdbase_0002fhtml_0002fdbase_000
> > 33_0002ejspdbase3.class
> >
> > Again, note the lowercase "a".
> >
> > Therefore, in a case insensitive enviroment of Windows NT with NTFS,
there
> > is a case sensitivity
> > once the precompiled files have been created. The name can be different
> > depending on the case
> > used the first time the URL is used.
> >
> > How can we solve this problem!!! Is this problem known, is there a
patch?
> >
> > Thanks in advance,
> > Nicholas Waltham
>