Posted to users@tomcat.apache.org by Gadi Sastiel <ga...@gmail.com> on 2014/10/01 09:14:48 UTC

Re: Tomcat returns Jsp source code as text/plain to the browser

Hi, the request is seen in the Tomcat access log (I've changed the
path deliberately)

[01/Oct/2014:10:01:27 +0300] "GET /xxxxx/yyyyyy/zzzzz/aaaaPage.jsp%22
HTTP/1.1" 200 30223

Thanks
Gadi

On Tue, Sep 30, 2014 at 10:06 PM, André Warnier <aw...@ice-sa.com> wrote:

> Gadi Sastiel wrote:
>
>> I have in httpd.conf:
>>
>> LoadModule proxy_module modules/mod_proxy.so
>> LoadModule proxy_http_module modules/mod_proxy_http.so
>>
>> # Configure mod_proxy_html to understand HTML4/XHTML1
>> <IfModule proxy_html_module>
>> Include conf/extra/proxy-html.conf
>> </IfModule>
>>
>> LoadModule jk_module modules/mod_jk.so
>>
>> Gadi
>>
>
> Maybe to gain some time, let me point you to the explanation of what both
> Konstantin and Daniel are looking for:
> https://tomcat.apache.org/connectors-doc/reference/apache.html
> See the text in red?
>
> In more words: a frequent configuration error in such cases (where Apache
> httpd is a front-end for Tomcat, and both are on the same machine), is to
> allow Apache httpd to "see" the contents of the Tomcat application
> directories (/webapps/*).
> Tomcat "knows" that a JSP page is something which has to be processed, and
> that it is the result that should be returned to the client, not the source.
> But httpd doesn't know that, and for him a JSP page is just text, and it
> returns it as is.
>
> So if the URL of the request is such, that Apache does not think that this
> request has to be forwarded to Tomcat, it will try to process this request
> itself.  And if it can do that (aka it sees the directory where this file
> is located, and the file in it), then it will return that page itself to
> the client, as text.
>
> And that seems to be what you are seeing.  From there comes the suspicion
> of Konstantin and Daniel, because Tomcat, correctly configured, wouldn't do
> that.
>
> Except that you mention somewhere else that the request is visible in the
> Tomcat access log.  That would normally mean that httpd /is/ forwarding
> this request to Tomcat, and that the error is on the Tomcat side.  So
> before going any further, make absolutely sure that that is the case, and
> that it is really /this/ request that you are seeing in the tomcat logs.
> Otherwise everyone is going to lose a lot of time searching in the wrong
> places.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Tomcat returns Jsp source code as text/plain to the browser

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Gadi,

On 10/1/14 9:32 AM, Gadi Sastiel wrote:
> Probably it happens since our JSP's are not under the WEB-INF
> folder. Should be moved there.

That's unlikely to be the problem.

> Problem solved temporarily by adding rewrite rule to the apache
> httpd-ssl.conf:
> 
> RewriteRule ^.*\.jsp/*".*$ - [F]

If the above helped, I think you are badly misconfigured somewhere.
You probably have something to the effect of:

  Alias /context /path/to/tomcat/webapps/context

This will allow httpd to serve your static content out of Tomcat's
deployment directory.

Try making a request to:

http://host/context/WEB-INF/web.xml and see if you get the deployment
descriptor. If you do, then your httpd is badly misconfigured.

> Thanks to everyone who tried to help.

Since you don't know why the JSP source was being displayed, I think
you've just put a band-aid on the problem. You aren't done, yet...

-chris
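
The misconfiguration André and Christopher describe (httpd able to read Tomcat's deployment directory through an Alias or similar mapping, with only some URLs forwarded) can be checked statically. This is an added example, not part of the original thread; the config fragment, the paths and the function names are constructed for illustration, and only an exact `prefix/*` or `/*` JkMount is treated as forwarding everything.

```python
import posixpath
import re

# Constructed httpd.conf fragment (not from the thread): the Alias points a URL
# prefix at Tomcat's deployment directory and only *.jsp is handed to Tomcat.
SAMPLE_CONF = """
DocumentRoot "/var/www/html"
Alias /context /opt/tomcat/webapps/context
JkMount /context/*.jsp worker1
"""

DIRECTIVE = re.compile(r"^\s*(DocumentRoot|Alias|JkAutoAlias|JkMount)\s+(\S.*)$", re.I)

def parse(conf):
    """Yield (directive, args) for the directives this check cares about."""
    for line in conf.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            yield m.group(1), [a.strip('"') for a in m.group(2).split()]

def overlaps(path, webapps_dir):
    """True if one directory is the other or contains it ('..' and '//' normalised)."""
    a, b = posixpath.normpath(path), posixpath.normpath(webapps_dir)
    return a == b or a.startswith(b + "/") or b.startswith(a.rstrip("/") + "/")

def audit(conf, webapps_dir):
    """List httpd filesystem mappings that let httpd read Tomcat's webapps tree."""
    mounts, exposed = [], []
    for name, args in parse(conf):
        kind = name.lower()
        if kind == "jkmount":
            mounts.append(args[0])
        elif kind == "alias":
            if len(args) == 2:
                exposed.append((name, args[0].rstrip("/"), args[1]))
        else:  # DocumentRoot and JkAutoAlias both map from the URL root
            exposed.append((name, "", args[0]))
    report = []
    for directive, url, path in exposed:
        if overlaps(path, webapps_dir):
            # Only a prefix/* (or /*) mount sends every URL below the prefix to
            # Tomcat; a narrower one such as /context/*.jsp leaves the rest to httpd.
            forwarded = any(m in (url + "/*", "/*") for m in mounts)
            report.append({"directive": directive, "url": url or "/",
                           "path": path, "all_forwarded": forwarded})
    return report
```

A finding with `all_forwarded` set to False means httpd answers some URLs below that prefix from disk, which is the condition under which JSP source or `WEB-INF/web.xml` can be returned as plain text.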



Re: Tomcat returns Jsp source code as text/plain to the browser

Posted by Gadi Sastiel <ga...@gmail.com>.
Probably it happens since our JSP's are not under the WEB-INF folder.
Should be moved there.

Problem solved temporarily by adding rewrite rule to the apache
httpd-ssl.conf:

RewriteRule ^.*\.jsp/*".*$ - [F]

Thanks to everyone who tried to help.

On Wed, Oct 1, 2014 at 12:10 PM, Gadi Sastiel <ga...@gmail.com>
wrote:

> In the web.xml under /tomcat/conf/
>
> <!-- ==============================================
> Default Servlet
> =================================================== -->
>  <servlet>
>         <servlet-name>default</servlet-name>
>
> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
>         <init-param>
>             <param-name>debug</param-name>
>             <param-value>0</param-value>
>         </init-param>
>         <init-param>
>             <param-name>listings</param-name>
>             <param-value>false</param-value>
>         </init-param>
>         <load-on-startup>1</load-on-startup>
>     </servlet>
>
>     <servlet-mapping>
>         <servlet-name>default</servlet-name>
>         <url-pattern>/</url-pattern>
>     </servlet-mapping>
>
> -----------------------------
> <servlet>
>         <servlet-name>jsp</servlet-name>
>         <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
>         <init-param>
>             <param-name>fork</param-name>
>             <param-value>false</param-value>
>         </init-param>
>         <init-param>
>             <param-name>xpoweredBy</param-name>
>             <param-value>false</param-value>
>         </init-param>
>         <load-on-startup>3</load-on-startup>
>     </servlet>
>
>    <!-- The mappings for the JSP servlet -->
>     <servlet-mapping>
>         <servlet-name>jsp</servlet-name>
>         <url-pattern>*.jsp</url-pattern>
>         <url-pattern>*.jspx</url-pattern>
>     </servlet-mapping>
>
>
>
> in the web.xml under the webapp:
>
>
> <!-- ==============================================
> Request Charset Encoding
> =================================================== -->
> <filter>
>      <filter-name>requestCharsetEncoding</filter-name>
>
> <filter-class>.........filters.SetRequestCharsetEncodingFilter</filter-class>
>      <init-param>
>      <param-name>encoding</param-name>
>      <param-value>utf-8</param-value>
>      </init-param>
> </filter>
>
> <filter-mapping>
> <filter-name>requestCharsetEncoding</filter-name>
> <url-pattern>*.jsf</url-pattern>
> <dispatcher>REQUEST</dispatcher>
> </filter-mapping>
>
> <filter>
>      <filter-name>VerifyUserExistsFilter</filter-name>
>
> <filter-class>.............filters.login.VerifyUserExistsFilter</filter-class>
> </filter>
>
> <filter-mapping>
> <filter-name>VerifyUserExistsFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <!-- ==============================================
> The JSF Core Servlet
> =================================================== -->
> <servlet>
> <servlet-name>Faces Servlet</servlet-name>
> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
> <load-on-startup>1</load-on-startup>
> </servlet>
>
> <servlet-mapping>
> <servlet-name>Faces Servlet</servlet-name>
> <url-pattern>*.jsf</url-pattern>
> </servlet-mapping>
>
> <!-- ==============================================
> Default Servlet
> =================================================== -->
> <servlet>
> <servlet-name>default-local</servlet-name>
> <servlet-class>
> org.apache.catalina.servlets.DefaultServlet
> </servlet-class>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>listings</param-name>
> <param-value>false</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
>
> <servlet-mapping>
> <servlet-name>default-local</servlet-name>
> <url-pattern>/</url-pattern>
> </servlet-mapping>
>
>
>
> Thanks
>
> On Wed, Oct 1, 2014 at 11:06 AM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 01/10/2014 08:14, Gadi Sastiel wrote:
>> > Hi, the request is seen in the Tomcat access log (I've changed the
>> > path deliberately)
>> >
>> > [01/Oct/2014:10:01:27 +0300] "GET /xxxxx/yyyyyy/zzzzz/aaaaPage.jsp%22
>> > HTTP/1.1" 200 30223
>>
>> OK.
>>
>> Given that this doesn't happen on a clean Tomcat install it is likely
>> that a servlet or filter in the web application is incorrectly
>> responding to this request.
>>
>> What servlets and/or filters do you have mapped to "/" or "/*" ?
>>
>> Mark
>>
>>
>>
>>
>

Re: Tomcat returns Jsp source code as text/plain to the browser

Posted by Gadi Sastiel <ga...@gmail.com>.
In the web.xml under /tomcat/conf/

<!-- ==============================================
Default Servlet
=================================================== -->
    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

-----------------------------
    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>

    <!-- The mappings for the JSP servlet -->
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jsp</url-pattern>
        <url-pattern>*.jspx</url-pattern>
    </servlet-mapping>



in the web.xml under the webapp:


<!-- ==============================================
Request Charset Encoding
=================================================== -->
    <filter>
        <filter-name>requestCharsetEncoding</filter-name>
        <filter-class>.........filters.SetRequestCharsetEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>utf-8</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>requestCharsetEncoding</filter-name>
        <url-pattern>*.jsf</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

    <filter>
        <filter-name>VerifyUserExistsFilter</filter-name>
        <filter-class>.............filters.login.VerifyUserExistsFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>VerifyUserExistsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

<!-- ==============================================
The JSF Core Servlet
=================================================== -->
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>

<!-- ==============================================
Default Servlet
=================================================== -->
    <servlet>
        <servlet-name>default-local</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>default-local</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>



Thanks

On Wed, Oct 1, 2014 at 11:06 AM, Mark Thomas <ma...@apache.org> wrote:

> On 01/10/2014 08:14, Gadi Sastiel wrote:
> > Hi, the request is seen in the Tomcat access log (I've changed the
> > path deliberately)
> >
> > [01/Oct/2014:10:01:27 +0300] "GET /xxxxx/yyyyyy/zzzzz/aaaaPage.jsp%22
> > HTTP/1.1" 200 30223
>
> OK.
>
> Given that this doesn't happen on a clean Tomcat install it is likely
> that a servlet or filter in the web application is incorrectly
> responding to this request.
>
> What servlets and/or filters do you have mapped to "/" or "/*" ?
>
> Mark
>
>
>
>

Re: Tomcat returns Jsp source code as text/plain to the browser

Posted by Mark Thomas <ma...@apache.org>.
On 01/10/2014 08:14, Gadi Sastiel wrote:
> Hi, the request is seen in the Tomcat access log (I've changed the
> path deliberately)
> 
> [01/Oct/2014:10:01:27 +0300] "GET /xxxxx/yyyyyy/zzzzz/aaaaPage.jsp%22
> HTTP/1.1" 200 30223

OK.

Given that this doesn't happen on a clean Tomcat install it is likely
that a servlet or filter in the web application is incorrectly
responding to this request.

What servlets and/or filters do you have mapped to "/" or "/*" ?

Mark
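
Mark's question about what is mapped to "/" comes down to how the container picks a servlet for a path. This is an added example, not part of the original thread: a simplified model of the Servlet specification's url-pattern matching, fed the patterns from the web.xml files posted in this thread, showing which servlet receives the logged request once %22 is decoded. The function names are illustrative, and whether the servlet mapped to "/" then finds a file for that path is not modelled.

```python
from urllib.parse import unquote

# url-patterns taken from the two web.xml files posted in this thread.
# The webapp's own "/" mapping (default-local) replaces the global "default" one.
MAPPINGS = {
    "*.jsp": "jsp",
    "*.jspx": "jsp",
    "*.jsf": "Faces Servlet",
    "/": "default-local",
}

def resolve(path, mappings=MAPPINGS):
    """Pick a servlet for a decoded path using the Servlet spec order:
    exact match, longest path prefix ('/x/*'), extension ('*.ext'), default ('/')."""
    if path != "/" and path in mappings:
        return mappings[path]
    prefixes = [p for p in mappings if p.endswith("/*")]
    for p in sorted(prefixes, key=len, reverse=True):
        base = p[:-2]
        if path == base or path.startswith(base + "/"):
            return mappings[p]
    last = path.rsplit("/", 1)[-1]
    if "." in last:
        # Everything after the last dot is the extension, trailing characters included.
        ext = "*." + last.rsplit(".", 1)[1]
        if ext in mappings:
            return mappings[ext]
    return mappings.get("/")

def servlet_for_logged_uri(raw_uri):
    """Decode a URI as it appears in the access log, then resolve it."""
    return resolve(unquote(raw_uri))

if __name__ == "__main__":
    for uri in ("/xxxxx/yyyyyy/zzzzz/aaaaPage.jsp",
                "/xxxxx/yyyyyy/zzzzz/aaaaPage.jsp%22"):
        print(uri, "->", servlet_for_logged_uri(uri))
```

The decoded path of the logged request ends in `.jsp"`, so it matches neither `*.jsp` nor `*.jspx` and goes to whatever is mapped to "/".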

