You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Matthew Stone <ma...@jcafeinc.com> on 2001/06/27 05:09:15 UTC
WebDav Default JSP page
Hello, I'm wondering if there's a way to put a JSP file in the slide WebDav
system so I can control the web interface to the Dav system.
For example, I want to put a index.jsp file into the /users folder so when
an administrator accesses that folder from a web browser then he will be
presented with an HTML administrative view. This way I can prevent folder
browsing, use slide ACL's for access control to the JSP and add my logic to
the administration of that folder.
Right now when I attempt to "put" a JSP file into slide I get the output
contained at the end of this message. It looks like the problem in the
output is related to a configuration of the JspEngine. Meaning the "put"
fires the hook into the JspEngine and the JspEngine attempts to handle the
request. This isn't that big of a deal since it's probably a good thing.
In that it prevents a hacker from uploading a volatile JSP into the Dav
system.
So can you tell me how I can implement the functionality I stated above?
On a second note, as you know, right now the slide webdav/manager servlet(s)
just display a directory listing to HTML clients. How can I override that
behavior? I've looked at the webdav servlet source and the WebDav directory
listing HTML code is generated from there. Do I need to write my own webdav
servlet to eliminate the directory browsing? Is there a better way?
Regards,
Matt
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
2001-06-26 10:52:43 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:43 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:43 - PathInfo: null
2001-06-26 10:52:43 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:43 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:43 - QueryString: null
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
2001-06-26 10:52:43 - Request Params:
2001-06-26 10:52:43 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
26 Jun 2001 22:52:44 - INFO - OPTIONS (time: 10 ms) URI = /courses/Intro To
Word
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
26 Jun 2001 22:52:44 - INFO - OPTIONS (time: 10 ms) URI = /courses/Intro To
Word2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
Ctx( /slide ): 404 R( /slide + /courses/Intro To Word/index.jsp + null) JSP
file not found
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
2001-06-26 10:52:44 - JspEngine --> /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - ServletPath: /courses/Intro To Word/index.jsp
2001-06-26 10:52:44 - PathInfo: null
2001-06-26 10:52:44 - RealPath: C:\JCafe\slide\courses\Intro To
Word\index.jsp
2001-06-26 10:52:44 - RequestURI:
/slide/courses/Intro%20To%20Word/index.jsp
2001-06-26 10:52:44 - QueryString: null
2001-06-26 10:52:44 - Request Params:
2001-06-26 10:52:44 - Classpath according to the init parameter is:
Re: WebDav Default JSP page
Posted by Remy Maucherat <re...@betaversion.org>.
Quoting Matthew Stone <ma...@jcafeinc.com>:
> Hey Remy,
>
> Thanks for the tip on where to start the server from. That did the
> trick.
>
> As for your statement:
>
> Tomcat 4.0 fully abstracts the filesystem, so it's relatively easy to
> do
> that. The latest binaries now include a Tomcat 4 powered Slide server,
> which can
> be a good example of how you can do the integration.
>
> Do you have a sample that does what I'm looking to do with the JSP
> pages?
Well, no, but you can do the following :
- open http://127.0.0.1:8081 as a webfolder
- log in as root/root (note : I'll obviously change that behavior before making
a public release, so that there's no root login available by default)
- upload the snoop.jsp (which doesn't have any dependencies on any other
classes) to /files/snoop.jsp
- open http://127.0.0.1:8080 in your web browser
- there should be a dir browse page, and it should list snoop.jsp; this dir
browse page is generated by the Tomcat default servlet, defined and configured
in the default config file (conf/web.xml)
- click on snoop.jsp to run the JSP with Jasper
The Catalina HTML manager is available at http://127.0.0.1:8080/manager (add a
user with manager role to conf/tomcat-users.xml), and it can be used to stop
and start a context if you upload a full webapp (you need to stop/start to read
the web.xml file).
Remy
Re: WebDav Default JSP page
Posted by Matthew Stone <ma...@jcafeinc.com>.
Hey Remy,
Thanks for the tip on where to start the server from. That did the trick.
As for your statement:
Tomcat 4.0 fully abstracts the filesystem, so it's relatively easy to do
that. The latest binaries now include a Tomcat 4 powered Slide server,
which can
be a good example of how you can do the integration.
Do you have a sample that does what I'm looking to do with the JSP pages?
Thanks again,
Matt
----- Original Message -----
From: "Remy Maucherat" <re...@apache.org>
To: <sl...@jakarta.apache.org>
Sent: Wednesday, June 27, 2001 2:47 AM
Subject: Re: WebDav Default JSP page
> > Hello, I'm wondering if there's a way to put a JSP file in the slide
> WebDav
> > system so I can control the web interface to the Dav system.
> >
> > For example, I want to put a index.jsp file into the /users folder so
when
> > an administrator accesses that folder from a web browser then he will be
> > presented with an HTML administrative view. This way I can prevent
folder
> > browsing, use slide ACL's for access control to the JSP and add my logic
> to
> > the administration of that folder.
> >
> > Right now when I attempt to "put" a JSP file into slide I get the output
> > contained at the end of this message. It looks like the problem in the
> > output is related to a configuration of the JspEngine. Meaning the
"put"
> > fires the hook into the JspEngine and the JspEngine attempts to handle
the
> > request. This isn't that big of a deal since it's probably a good
thing.
> > In that it prevents a hacker from uploading a volatile JSP into the Dav
> > system.
> >
> > So can you tell me how I can implement the functionality I stated above?
>
> Well, you can't do that unless your servlet container / JSP engine can
> abstract the filesystem.
>
> Tomcat 3.x can't do that, so you can't run webapps (JSPs or servlets) off
a
> Slide namespace, unless of course you use a properly configured filesystem
> based store, but that's more a hack than an elegant solution.
>
> Tomcat 4.0 fully abstracts the filesystem, so it's relatively easy to do
> that.
> The latest binaries now include a Tomcat 4 powered Slide server, which can
> be a good example of how you can do the integration.
> More details + downloads :
> http://jakarta.apache.org/slide/server.html
>
http://jakarta.apache.org/builds/jakarta-slide/nightly/2001-06-26/jakarta-sl
> ide.zip
>
> > On a second note, as you know, right now the slide webdav/manager
> servlet(s)
> > just display a directory listing to HTML clients. How can I override
that
> > behavior? I've looked at the webdav servlet source and the WebDav
> directory
> > listing HTML code is generated from there. Do I need to write my own
> webdav
> > servlet to eliminate the directory browsing? Is there a better way?
>
> If a user can read a resource, it can also list its members if it's a
> collection. Right now, the two permissions (read and list) are not
separate
> (but a new permission could be added).
>
> There is no "display directory browsing" flag, mainly because the WebDAV
> servlet in Slide isn't meant to be used as a replacement for the default
> servlet in Tomcat. Instead, it is supposed to be handling all the URLs in
> the context, and provide full access to them for various editing purposes.
>
> Remy
Re: WebDav Default JSP page
Posted by Remy Maucherat <re...@betaversion.org>.
Quoting Matthew Stone <ma...@jcafeinc.com>:
> Hey Remy,
>
> I downloaded:
>
> >
> http://jakarta.apache.org/builds/jakarta-slide/nightly/2001-06-26/jakarta-sl
> ide.zip
>
> per your suggestion and I attempt to run startup.bat in the
> \jakarta-slide\server\bin directory with the follow results:
>
> java.lang.IllegalArgumentException: Doc base must point to a WAR file
>
> Can you please direct me on how to resolve this?
It's supposed to be run like catalina is run :
go into \jakarta-slide\server, and type bin\startup (or bin\catalina run)
I tried downloading the latest binary, and it appears to at least be starting
fine on my computer.
The illegal arg indicates that Catalina wasn't able to find one of the webapps,
which is very strange.
Remy
Re: WebDav Default JSP page
Posted by Matthew Stone <ma...@jcafeinc.com>.
Hey Remy,
I downloaded:
>
http://jakarta.apache.org/builds/jakarta-slide/nightly/2001-06-26/jakarta-sl
ide.zip
per your suggestion and I attempt to run startup.bat in the
\jakarta-slide\server\bin directory with the follow results:
java.lang.IllegalArgumentException: Doc base must point to a WAR file
Can you please direct me on how to resolve this?
Thanks,
Matt
----- Original Message -----
From: "Remy Maucherat" <re...@apache.org>
To: <sl...@jakarta.apache.org>
Sent: Wednesday, June 27, 2001 2:47 AM
Subject: Re: WebDav Default JSP page
> > Hello, I'm wondering if there's a way to put a JSP file in the slide
> WebDav
> > system so I can control the web interface to the Dav system.
> >
> > For example, I want to put a index.jsp file into the /users folder so
when
> > an administrator accesses that folder from a web browser then he will be
> > presented with an HTML administrative view. This way I can prevent
folder
> > browsing, use slide ACL's for access control to the JSP and add my logic
> to
> > the administration of that folder.
> >
> > Right now when I attempt to "put" a JSP file into slide I get the output
> > contained at the end of this message. It looks like the problem in the
> > output is related to a configuration of the JspEngine. Meaning the
"put"
> > fires the hook into the JspEngine and the JspEngine attempts to handle
the
> > request. This isn't that big of a deal since it's probably a good
thing.
> > In that it prevents a hacker from uploading a volatile JSP into the Dav
> > system.
> >
> > So can you tell me how I can implement the functionality I stated above?
>
> Well, you can't do that unless your servlet container / JSP engine can
> abstract the filesystem.
>
> Tomcat 3.x can't do that, so you can't run webapps (JSPs or servlets) off
a
> Slide namespace, unless of course you use a properly configured filesystem
> based store, but that's more a hack than an elegant solution.
>
> Tomcat 4.0 fully abstracts the filesystem, so it's relatively easy to do
> that.
> The latest binaries now include a Tomcat 4 powered Slide server, which can
> be a good example of how you can do the integration.
> More details + downloads :
> http://jakarta.apache.org/slide/server.html
>
http://jakarta.apache.org/builds/jakarta-slide/nightly/2001-06-26/jakarta-sl
> ide.zip
>
> > On a second note, as you know, right now the slide webdav/manager
> servlet(s)
> > just display a directory listing to HTML clients. How can I override
that
> > behavior? I've looked at the webdav servlet source and the WebDav
> directory
> > listing HTML code is generated from there. Do I need to write my own
> webdav
> > servlet to eliminate the directory browsing? Is there a better way?
>
> If a user can read a resource, it can also list its members if it's a
> collection. Right now, the two permissions (read and list) are not
separate
> (but a new permission could be added).
>
> There is no "display directory browsing" flag, mainly because the WebDAV
> servlet in Slide isn't meant to be used as a replacement for the default
> servlet in Tomcat. Instead, it is supposed to be handling all the URLs in
> the context, and provide full access to them for various editing purposes.
>
> Remy
Re: WebDav Default JSP page
Posted by Remy Maucherat <re...@apache.org>.
> Hello, I'm wondering if there's a way to put a JSP file in the slide
WebDav
> system so I can control the web interface to the Dav system.
>
> For example, I want to put a index.jsp file into the /users folder so when
> an administrator accesses that folder from a web browser then he will be
> presented with an HTML administrative view. This way I can prevent folder
> browsing, use slide ACL's for access control to the JSP and add my logic
to
> the administration of that folder.
>
> Right now when I attempt to "put" a JSP file into slide I get the output
> contained at the end of this message. It looks like the problem in the
> output is related to a configuration of the JspEngine. Meaning the "put"
> fires the hook into the JspEngine and the JspEngine attempts to handle the
> request. This isn't that big of a deal since it's probably a good thing.
> In that it prevents a hacker from uploading a volatile JSP into the Dav
> system.
>
> So can you tell me how I can implement the functionality I stated above?
Well, you can't do that unless your servlet container / JSP engine can
abstract the filesystem.
Tomcat 3.x can't do that, so you can't run webapps (JSPs or servlets) off a
Slide namespace, unless of course you use a properly configured filesystem
based store, but that's more a hack than an elegant solution.
Tomcat 4.0 fully abstracts the filesystem, so it's relatively easy to do
that.
The latest binaries now include a Tomcat 4 powered Slide server, which can
be a good example of how you can do the integration.
More details + downloads :
http://jakarta.apache.org/slide/server.html
http://jakarta.apache.org/builds/jakarta-slide/nightly/2001-06-26/jakarta-sl
ide.zip
> On a second note, as you know, right now the slide webdav/manager
servlet(s)
> just display a directory listing to HTML clients. How can I override that
> behavior? I've looked at the webdav servlet source and the WebDav
directory
> listing HTML code is generated from there. Do I need to write my own
webdav
> servlet to eliminate the directory browsing? Is there a better way?
If a user can read a resource, it can also list its members if it's a
collection. Right now, the two permissions (read and list) are not separate
(but a new permission could be added).
There is no "display directory browsing" flag, mainly because the WebDAV
servlet in Slide isn't meant to be used as a replacement for the default
servlet in Tomcat. Instead, it is supposed to be handling all the URLs in
the context, and provide full access to them for various editing purposes.
Remy