I'm running webapps on Jetty. I have set "dirAllowed" to "false" to disable the directory browsing on the defined contextpath by
webAppContext.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false").
But, users can still access other files (not located on the contextpath) through url (eg. http://somehost.yahoo.com:8081/abc.xml) and abc.xml is located under the root directory of the Jetty server.
Is there a way to block/deny direct url access to files located on Jetty? Thanks!
Not without adding some functionality to your webapp, there isn't. A Java Webapp is essentially a standardized directory structure beginning at the context root (myWebApp in the sample below).
myWebApp/
index.jsp
styles/
mywebapp.css
images/
myimage.png
WEB-INF/
web.xml
lib/
MyLib.jar
classes/
MyPackage/
MyServlet.class
Anything above WEB-INF is directly serve-able, anything below WEB-INF isn't. You could dream up some authorization scheme using Servlet Filters (http://www.oracle.com/technetwork/java/filters-137243.html) and restrict access to content above WEB-INF. Alternatively, if Authentication/Authorization is what you are after, look into Http Authorization and how it can be implemented in Jetty (http://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html). One way or another, you are going to be some coding or configuration to restrict access to the content above WEB-INF in a Java webapp.
Related
In my tomcat webapps directory I have various projects with servlets in them ..
say named test,beer etc
My question is irrespective of the web.xml or contents when i type localhost:8080/folderName I must be able to view the contents right? but it doesnt work for all folders , for some it says resource not found ,
Example my test folder opens in the browser and my beer folder doesnt , I restarted the browser and tomcat after adding or modifying folders , why can this happen , please explain
My dear friend there is a certain process/configuration/rule that tomcat follows in order to render any web content.It is not some magic happening.
Tomcat has a way of reading web deployments within the /webapp directory.
When we type some URL On the browser tomcat does the following:
Example.
URL : http://localhost:8080/foldername/xyz
Here tomcat takes the part of the URL after http://localhost:8080,that is foldername/xyz.
So here the first part which is foldername means name of the folder present in the /webapps folder.
So reading this tomcat goes inside that folder.Later tomcat is at the mercy of a file called web.xml.All mapping from /foldername/ i.e. /xyz in our case, onwards are present in web.xml.
In your case , if you type http://localhost:8080/foldername/ , tomcat knows that browser refers to webapps/foldername but does not know which resource html/jsp/servlet to forward the request so as to be able to generate a response.
Hence it gives a resource not found exception.
If you want to run the above URL (http://localhost:8080/foldername) then you need to configure a <welcome-file-list> tag in the web.xml file.
So for the folders which are working in your case with the above URL, just open their web.xml file and you shall find the <welcome-file-list> tag.
Actually this is what happened
I had a folder test which had some files (NO WEB-INF) , tomcat listed its contents on typing localhost:8080/test
My other folder beer had a WRONG WEB-INF web.xml configuration
So the following is clear to me now
Without a WEB-INF folder and web.xml tomcat will just list the contents of the directory but when you have a WEB-INF and web.xml and something is wrong in them it doesnt even list the directory contents .
Just my understanding of it .
Thanks!
I have a Jersey based Rest service running on a tomcat server. There is no UI, just a server that offers some rest services. Now, to access this service the URL that i have to type in is pretty long. Something like localhost:8080/MyApp/url_pattern/classPath/method where MyApp is the webapp that i deployed, url_pattern is the pattern that i defined in the servlet-mapping in web.xml, classPath and method being the #Path annotations for the Class and method respectively. Is it possible to shorten it such that I get rid of the MyApp and url_pattern part of this URL. Something like localhost:8080/classPath/method.
PS: There is just one webApp running on this server, so no point having the MyApp part
I don't think you can remove all what you desire from the url but you can definitely remove the MyApp part by making it the root application for tomcat.
Answer on this related link describes it pretty well, how to set your application as the root application. So you can access your REST services without having the app name in url:
Setting default application in tomcat 7
Content copied from the above link:
First Method:
first shutdown your tomcat [from the bin directory (sh shutdown.sh)]
then you must delete all the content of your tomcat webapps folder (rm
-fr *) then rename your WAR file to ROOT.war finally start your tomcat [from the bin directory (sh startup.sh)]
Second Method:
leave your war file in CATALINA_BASE/webapps, under its original name
- turn off autoDeploy and deployOnStartup in your Host element in the server.xml file. explicitly define all application Contexts in
server.xml, specifying both path and docBase. You must do this,
because you have disabled all the Tomcat auto-deploy mechanisms, and
Tomcat will not deploy your applications anymore unless it finds their
Context in the server.xml.
Note:
that this last method also implies that in order to make any change to
any application, you will have to stop and restart Tomcat.
Third Method:
Place your war file outside of CATALINA_BASE/webapps (it must be
outside to prevent double deployment). - Place a context file named
ROOT.xml in CATALINA_BASE/conf//. The single element in this context
file MUST have a docBase attribute pointing to the location of your
war file. The path element should not be set - it is derived from the
name of the .xml file, in this case ROOT.xml. See the Context
Container above for details.
I'm working in maven web application. I need to read a directory(For ex: Files) in my webapp folder as follows,
Java.io.File file = new Java.io.File("path");
But I don't know how to specify the path of the directory here.
You shouldn't give local path addresses. Path should be a relative address, e.g. /files/images under your web archive (.war) folder.
To use relative paths properly, I suggest you to add your target folder to the resources definiton of POM.xml, check out these pages
http://www.mkyong.com/maven/how-to-change-maven-resources-folder-location/
http://maven.apache.org/guides/introduction/introduction-to-the-standard-directory-layout.html
You can refer to resources folder easily with something like this:
this.class.getResource("Mydirectory/SubDirectory");
When in doubt how relatives paths work, it's always best to do something like that:
System.out.println(new File("/my/desired/directory").getAbsolutePath());
This will print out the path in which classpath will look for the files.
Assuming:
servlet container webapps dir is located in: /var/lib/tomcat6/webapps
your webapp is called my-webapp.war
You should see the following output: /var/lib/tomcat6/webapps/my-webapp/my/desired/directory
Another pointer: you have mentioned that you are looking for webapp directory. I hope you know that this directory will not end up in *.war - it's contents will.
War files are not always expanded when they are deployed to an app server, so it's possible that a relative path won't exist in a filesystem at all.
Best bets are to use getResource from the class loader, which will return things in the class path (the WEB-INF/lib directory, etc), or to use the getResource() method of ServletContext to find things in the web application itself.
By default static files are located in WEB-INF directory (accessible as /images/logo.png):
foo.war
WEB-INF
web.xml
images
logo.png
I want to change the structure and use this one instead (still accessible as /images/logo.png):
foo.war
WEB-INF
web.xml
static
images
logo.png
How can I do this with web.xml?
The container will repsond with a 404 NOT FOUND error if you directly access the files under WEB-INF using HTTP GET .
But now , you said you can access WEB-INF/images/logo.png by /images/logo.png , so I think your web application most probably achieve this result by some URLRewriteFilter mechainsim or by some Java code in the servlet level (eg a filter) , or by your web application 's framework . I suggest you to check your web application to see what mechanism causes this behvaior now and configurate to your desired result accordingly.
According to http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/WCC3.html,:
A WAR has a specific directory
structure. The top-level directory of
a WAR is the document root of the
application. The document root is
where JSP pages, client-side classes
and archives, and static Web resources
are stored.
The document root contains a
subdirectory called WEB-INF, which
contains the following files and
directories:
web.xml: The Web application
deployment descriptor Tag library
descriptor files (see Tag Library
Descriptors) classes: A directory
that contains server-side classes:
servlets, utility classes, and
JavaBeans components lib: A
directory that contains JAR archives
of libraries (tag libraries and any
utility libraries called by
server-side classes).
You can also create
application-specific subdirectories
(that is, package directories) in
either the document root or the
WEB-INF/classes directory.
So the default behavior is what you're looking for. Is your document root set incorrectly to serve content from WEB-INF?
You may use a filter or URLRewriteFilter to point /images/* to /static/images/*.
If you just want your folder structure to be /static/images for development time organization purposes, but the deployment URL to be /images -- you may need to alter your build script to copy /static/** to /.
I personally would not bother whether my static files are referred as /static/images or /images -- because they would be referred in my code (only), which I have control over.
If you are using these files in CSS and that's why you wanted the path to stay the same... better keep the images under /static/css/images and have the images that are referred in the CSS here. In this way, no matter where you move your CSS folder, you would not bother spoiling your CSS.
Is it possible for a web application to access its own deployed folder. I am using JSF 1.2 framework and i need to access some of the files which i have it in the deployed directory.
Does JSF has any in built method to give us the deployed folder and the files in it?
Use ExternalContext.getResourcePaths("/"). In a servlet container, this will delegate to ServletContext.getResoucePaths(String). As the documentation notes:
For example, for a web application
containing:
/welcome.html
/catalog/index.html
/catalog/products.html
/catalog/offers/books.html
/catalog/offers/music.html
/customer/login.jsp
/WEB-INF/web.xml
/WEB-INF/classes/com.acme.OrderServlet.class
/WEB-INF/lib/catalog.jar!/META-INF/resources/catalog/moreOffers/books.html
getResourcePaths("/") would return
{"/welcome.html", "/catalog/",
"/customer/", "/WEB-INF/"}, and
getResourcePaths("/catalog/") would
return {"/catalog/index.html",
"/catalog/products.html",
"/catalog/offers/",
"/catalog/moreOffers/"}.
For portable code, do not assume you can access resources via the file system:
This method (getResource(String)) allows the servlet container to make a resource available to servlets from any source. Resources can be located on a local or remote file system, in a database, or in a .war file.
You can get access to resources in the classpath, but the servlet API does not guarantee their physical representation. In other words, if you deploy a WAR file, the container may explode the WAR file or keep it as is, or do something completely different depending on its needs.
In this particular context it mean that you introduce a subtle container dependency by assuming that a web application is deployed to a folder, which you should be very careful about.
If all you need, however, is to get some items you have in the classpath you should have a look at this question: Getting the inputstream from a classpath resource (XML file)
FacesContext.getCurrentInstance().getExternalContext().getResource("/").toString();
you will get the path to your WEB-INF/classes dir traverse using parent(); method from File class to get the location