You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Paul Libbrecht <pa...@ags.uni-sb.de> on 2000/09/07 12:54:35 UTC

Servlet-names are mappings !!

	
Here goes a very weird story that happened with our Tomcat 3.1:

We had a stupid little webapp with a servlet that was just serving a page.  
That class was, without packages, fooServletSix so we put the following  
web.xml (doctype and document declarations removed):

<web-app>
<servlet>		
	<servlet-name>foo</servlet-name>		
        <servlet-class>fooServletSix</servlet-class>
</servlet>
	
<servlet-mapping>
	<servlet-name>foo</servlet-name>
	<url-pattern>*.foo</url-pattern>
</servlet-mapping>

</web-app>


And here's what happened. That servlet just delivered a static page  
containing an image in an another webserver and an applet whose class was  
fooServletSixClient requesting a jar fooServletSix.jar relative to it.

The path to get the thing was
	http://ourserver:8080/UserModel/foo.foo
So that the jar requested was
	http://ourserver:8080/UserModel/fooServletSix.jar
which was actually requested to tomcat. The latter replied... the response  
of the servlet, the html code !!!! Which, don't ask me why, was parsed by  
the classloader which try to connect to that other server containing the  
image !! (note that behaviour was observed from many browser). And, you  
name it, SecurityException...

As everyone know classloading trouble is a trouble, you can imagine how  
many days we spent on that weirdness.

I've taken my lesson, the servlet-name foo was used as url-mapping /foo*  
although... maybe not always, maybe that was within the same connection of  
the client, as requesting directly fooServletSix.jar did provide the proper  
jar.

The conclusion is: servlet-name values can, probably sometimes, be used as  
url-mappings !!


Did anyone say OpenSource projects lack documentation ???

Paul

PS: reactions welcome.

Re: Servlet-names are mappings !!

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

Jim Rudnicki wrote:

> I noticed this, but thought it was just the way it should be.
> When you name a servlet to provide init parameters, but do not provide a
> mapping, the name is a mapping.
>
> > > The conclusion is: servlet-name values can, probably sometimes, be used
> as
> > > url-mappings !!
> > >
> > It has nothing to do with documentation, this shouldn't happen.
> >
>

More precisely, let's assume you have a servlet definition like this:

    <servlet>
        <servlet-name>MyServlet</servlet-name>
        <servlet-class>com.mycompany.mypackage.MyServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>MyServlet</servlet-name>
        <url-pattern>/runmyservlet/*</url-pattern>
    </servlet-mapping>

Now, if you use this URL:

    http://localhost:8080/contextpath/runmyservlet

you will execute your servlet due to the servlet mapping entry.

In a standard Tomcat installation, you will find that the following two URLs
also work:

    http://localhost:8080/contextpath/servlet/com.mycompany.mypackage.MyServlet

    http://localhost:8080/contextpath/servlet/MyServlet

These work because of a Tomcat feature (not in the servlet spec) called the
"invoker" servlet.  This feature is very commonly provided by servlet
containers, because in simple situations you will not need to create <servlet>
definitions at all.  The invoker tries to match what is entered after
"/servlet" to either a <servlet-class> or <servlet-name>, and then executes the
corresponding servlet for you.

How does this work?  Simple:  the invoker servlet itself is mapped to
url-pattern "/servlet/*".  If you want to remove this facility, it's pretty
easy:

* Tomcat 3.1 or 4.0 :  remove the <servlet-mapping> for the invoker servlet
  from file $TOMCAT_HOME/conf/web.xml

* Tomcat 3.2: remove the <RequestInterceptor> for InvokerInterceptor
  from file $TOMCAT_HOME/conf/server.xml

Craig McClanahan

====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

Re: Servlet-names are mappings !!

Posted by Jim Rudnicki <jd...@pacbell.net>.

I noticed this, but thought it was just the way it should be.
When you name a servlet to provide init parameters, but do not provide a
mapping, the name is a mapping.

> > The conclusion is: servlet-name values can, probably sometimes, be used
as
> > url-mappings !!
> >
> It has nothing to do with documentation, this shouldn't happen.
>

Re: Servlet-names are mappings !!

Posted by cm...@yahoo.com.

> The conclusion is: servlet-name values can, probably sometimes, be used as  
> url-mappings !!
> 
> 
> Did anyone say OpenSource projects lack documentation ???

It's a bug, probably a serious one. Can you reproduce it on tomcat 3.2
(beta) ? Can you create a small webapp that is able to reproduce the bug ?
( maybe a diff to src/test/webapp ? - the internal test suite )

It has nothing to do with documentation, this shouldn't happen. 

Costin