Reproduced [TOMCAT] uses Web.xml to control the behavior of Web applications
1 defining head and root elements
The deployment descriptor file, like all XML files, must start with an XML header. This header declares the XML version that can be used and gives the character encoding of the file.
The DOCYTPE declaration must immediately appear after this header. This declaration tells the server the version of the servlet specification that is applicable (for example, 2.2 or 2.3) and specifies the DTD (document type definition, doc definition) that manages the syntax for the remainder of the file.
The top level (root) element of all deployment descriptor files is Web-app. Note that XML elements are not like HTML, they are case sensitive. Therefore, both Web-app and Web-app are illegal and web-app must be in lowercase.
2 Order of elements within the deployment descriptor file
XML elements are not only case sensitive, but they are also sensitive to the order in which they appear in other elements. For example, the XML header must be the first item in the file, the DOCTYPE declaration must be the second item, and the Web-app element must be the third item. Within the Web-app element, the order of the elements is also important. Servers do not necessarily enforce this order, but they allow (in fact, some servers do) to completely reject the execution of Web applications that contain an incorrectly ordered element. This means that web.xml files that use the order of non-standard elements are not portable.
The following list shows the necessary order for all legitimate elements that can appear directly within the Web-app element. For example, this list indicates that a servlet element must appear before all servlet-mapping elements. Please note that all of these elements are optional. Therefore, you can omit an element, but you cannot put it in an incorrect position.
The icon icon element indicates the location of one and two image files that the IDE and GUI tools use to represent Web applications.
L Display-name display-name Element provides a name that the GUI tool might use to mark this particular Web application.
L Description Description element gives descriptive text about this.
L Context-param Context-param Element declares an application-scoped initialization parameter.
The L filter Filter element associates a name with a class that implements the Javax.servlet.Filter interface.
L Filter-mapping Once you name a filter, you use the filter-mapping element to associate it with one or more servlet or JSP pages.
The L Listener servlet API version 2.3 adds support for event listeners, which are notified when they create, modify, and delete sessions or servlet environments. The listener element indicates an event listener class.
L The servlet must first name the servlet or JSP page when making initialization parameters or custom URLs to the servlet or JSP pages. The servlet element is used to accomplish this task.
L The Servlet-mapping server typically provides a default url:http://host/webappprefix/servlet/servletname for the servlet. However, this URL is often changed so that the servlet can access the initialization parameters or more easily handle relative URLs. The servlet-mapping element is used when changing the default URL.
L Session-config If a session has not been accessed for a certain period of time, the server can discard it to save memory. You can explicitly set a time-out value for a single Session object by using the HttpSession Setmaxinactiveinterval method, or you can use the Session-config element to set a default time-out.
L mime-mapping If Web applications have the idea of special files, and want to guarantee that they are assigned a specific MIME type, the mime-mapping element provides this assurance.
L welcom-file-list welcome-file-list element indicates which file the server uses when it receives a URL that references a directory name instead of a filename.
L Error-page error-page Element enables the page to be displayed when a particular HTTP status code is returned, or when a particular type of exception is thrown.
L taglib taglib Element assigns an alias to the tag library descriptor file (tag Libraryu descriptor file). This feature allows you to change the location of the TLD file without editing the JSP page that uses the files.
L RESOURCE-ENV-REF The Resource-env-ref element declares a resource-related management object.
L Resource-ref resource-ref Element declares an external resource used by a resource factory.
L Security-constraint security-constraint elements to develop URLs that should be protected. It is used in conjunction with the Login-config element
L Login-config Use the Login-config element to specify how the server should authorize users attempting to access a protected page. It is used in conjunction with the Sercurity-constraint element.
L SECURITY-ROLE The Security-role element gives a list of security roles that will appear in the Role-name child elements of the security-role-ref element within the servlet element. Declaring roles separately makes it easier for the advanced IDE to handle security information.
L Env-entry env-entry Element declares the environment item for a Web application.
L Ejb-ref ejb-ref Element declares a reference to the home directory of an EJB.
L Ejb-local-ref ejb-local-ref Element declares the application of an EJB's local home directory.
3 Assign name and custom UL
One of the most common tasks accomplished in Web.xml is to give a name and a custom URL to a servlet or JSP page. Assigns a name with a servlet element, using the servlet-mapping element to associate the custom URL with the name you just assigned.
3.1 Assignment Name
To provide initialization parameters, define a custom URL for a servlet or JSP page, or assign a security role, you must first give the servlet or JSP page a name. You can assign a name through a servlet element. The most common formats include servlet-name and Servlet-class child elements (within the Web-app element), as follows:
<servlet>
<servlet-name>Test</servlet-name>
<servlet-class>moreservlets. Testservlet</servlet-class>
</servlet>
This means that the servlet in Web-inf/classes/moreservlets/testservlet has been registered with the name test. Giving the servlet a name has two main meanings. First, initialization parameters, custom URL patterns, and other customizations refer to this servlet through this registration name instead of the class name. Second, you can use this name in a URL instead of a class name. Therefore, using the definition just given, URL http://host/webAppPrefix/servlet/Test can be used for http://host/webAppPrefix/servlet/moreservlets.TestServlet sites.
Remember that XML elements are not only case sensitive, but the order in which they are defined is also important. For example, all servlet elements within the Web-app element must precede all servlet-mapping elements (described in the next section) and precede the filter or document-related elements (if any) discussed in sections 5.6 and 5.11. Similarly, the Servlet-name child elements of a servlet must also appear before Servlet-class. Section 5.2, "Order of elements within the deployment descriptor file," describes this required order in detail.
For example, listing 5-1 shows a simple servlet named Testservlet, which resides in the Moreservlets package. Because this servlet is part of a WEB application rooted in a directory called Deploydemo, Testservlet.class is placed in Deploydemo/web-inf/classes/moreservlets. Listing 5-2 shows part of the Web.xml file that will be placed in the deploydemo/web-inf/. The Web.xml file uses the Servlet-name and Servlet-class elements to associate name test with Testservlet.class. Figure 5-1 and Figure 5-2 show the results of invoking Testservlet using the default URL and the registration name respectively.
Program List 5-1 Testservlet.java
Package moreservlets;
Import java.io.*;
Import javax.servlet.*;
Import javax.servlet.http.*;
/** simple servlet used to illustrate servlet naming
* and Custom URLs.
* <P>
* Taken from the more servlets and JavaServer Pages
* FROM Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
*©2002 Marty Hall; May is freely used or adapted.
*/
public class Testservlet extends HttpServlet {
public void doget (HttpServletRequest request,
HttpServletResponse response)
Throws Servletexception, IOException {
Response.setcontenttype ("text/html");
PrintWriter out = Response.getwriter ();
String uri = Request.getrequesturi ();
Out.println (Servletutilities.headwithtitle ("Test Servlet") +
"<body bgcolor=/" #FDF5E6/">/n" +
""</BODY></HTML>");
}
}
Program Listings 5-2 Web.xml (an excerpt of the servlet name)
<?xml version= "1.0" encoding= "Iso-8859-1"?>
<! DOCTYPE Web-app
Public "-//sun Microsystems, INC.//DTD Web application 2.3//en"
"Http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<!--...-->
<servlet>
<servlet-name>Test</servlet-name>
<servlet-class>moreservlets. Testservlet</servlet-class>
</servlet>
<!--...-->
</web-app>
3.2 Define a custom URL
Most servers have a default Serlvet URL:
Http://host/webAppPrefix/servlet/packageName.ServletName. While it is convenient to use this URL in development, we often want another URL to be used for deployment. For example, you might need a URL (such as http://host/webappprefix/anyname) that appears at the top of the Web application, and there are no servlet entries in this URL. URLs at the top level simplify the use of relative URLs. In addition, for many developers, the top-level URL looks shorter than a longer, more troublesome default URL.
In fact, you sometimes need to use a custom URL. For example, you might want to turn off the default URL mapping to better enforce security restrictions or prevent users from accidentally accessing a servlet with no initialization parameters. If you disable the default URL, how do you access the servlet? Only the custom URL is used at this time.
In order to assign a custom URL, you can use the servlet-mapping element and its servlet-name and url-pattern child elements. The Servlet-name element provides an arbitrary name that can be used to refer to the corresponding servlet;url-pattern to describe the URL of the root directory relative to the Web application. The value of the Url-pattern element must start with a slash (/).
A simple web.xml excerpt is given below, which allows the use of URL http://host/webAppPrefix/UrlTest instead of http://host/webAppPrefix/servlet/Test or
http://host/webappprefix/servlet/moreservlets. Testservlet. Note that you still need XML headers, DOCTYPE declarations, and web-app enclosing elements. In addition, it can be recalled that the order in which XML elements appear is not random. In particular, all servlet elements need to be placed before all servlet-mapping elements.
<servlet>
<servlet-name>Test</servlet-name>
<servlet-class>moreservlets. Testservlet</servlet-class>
</servlet>
<!--...-->
<servlet-mapping>
<servlet-name>Test</servlet-name>
<url-pattern>/UrlTest</url-pattern>
</servlet-mapping>
The URL pattern can also contain wildcard characters. For example, the following applet instructs the server to send all the URL prefixes starting with the Web application to ... ASP ends the request to the servlet named Bashms.
<servlet>
<servlet-name>BashMS</servlet-name>
<servlet-class>msUtils.ASPTranslator</servlet-class>
</servlet>
<!--...-->
<servlet-mapping>
<servlet-name>BashMS</servlet-name>
<url-pattern>/*.asp</url-pattern>
</servlet-mapping>
3.3 Name JSP page
Because JSP pages are converted to Sevlet, it's natural to want to name the JSP page just like the name servlet. After all, JSP pages may benefit from initialization parameters, security settings, or custom URLs, just as normal serlvet do. Although it is true that the JSP page is actually a servlet in the background, there is a key suspicion: that is, you don't know the actual class name of the JSP page (because the system picks the name by itself). Therefore, to name a JSP page, you can replace the jsp-file element with a SERVLET-CALSS element, as follows:
<servlet>
<servlet-name>Test</servlet-name>
<jsp-file>/TestPage.jsp</jsp-file>
</servlet>
The reason for naming a JSP page is exactly the same as naming the servlet: to provide a name that is used with custom settings, such as initialization parameters and security settings, and to change the URL that activates the JSP page (for example, so that multiple URLs can be handled through the same page). or remove the. jsp extension from the URL. However, when setting initialization parameters, it should be noted that the JSP page reads the initialization parameters using the Jspinit method rather than the Init method.
For example, listing 5-3 shows a simple JSP page called testpage.jsp, which works simply by printing out the local part of the URL used to activate it. The testpage.jsp is placed at the top of the Deploydemo application. Listing 5-4 shows a web.xml file that is used to assign a registered name pagename and then associate this registration name with a URL in http://host/webAppPrefix/UrlTest2/anything form (that is, Deploydemo /web-inf/web.xml) part of it.
Program List 5-3 testpage.jsp
<! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 transitional//en" >
<HTML>
<HEAD>
<TITLE>
JSP Test Page
</TITLE>
</HEAD>
<body bgcolor= "#FDF5E6" >
</BODY>
</HTML>
Program Listings 5-4 Web.xml (description of JSP page named excerpt)
<?xml version= "1.0" encoding= "Iso-8859-1"?>
<! DOCTYPE Web-app
Public "-//sun Microsystems, INC.//DTD Web application 2.3//en"
"Http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<!--...-->
<servlet>
<servlet-name>PageName</servlet-name>
<jsp-file>/TestPage.jsp</jsp-file>
</servlet>
<!--...-->
<servlet-mapping>
<servlet-name> pagename </servlet-name>
<url-pattern>/UrlTest2/*</url-pattern>
</servlet-mapping>
<!--...-->
</web-app>
4 Disable Activator servlet
One reason to establish a custom URL for a servlet or JSP page is to do so by registering the read from the init (servlet) or Jspinit (JSP page) method to obtain the initialization parameters. However, initialization parameters can only be used when accessing a servlet or JSP page using a custom URL pattern or a registered name, and cannot be used with the default URL http://host/webAppPrefix/servlet/ServletName. Therefore, you may want to close the default URL so that no one will accidentally invoke the initialization servlet. This process is sometimes referred to as banning the activator servlet because most servers have a standard servlet registered with the default servlet URL and activate the actual servlet for the default URL application.
There are two main ways to suppress this default URL:
L REMAP the/servlet/mode in each Web application.
L Global shutdown activator servlet.
It is important to note that while remapping the/servlet/pattern in each Web application is more work than banning the activation of the servlet completely, remapping can be done in a completely portable way. Instead, the global disable Activator servlet is entirely specific to the machine, and in fact some servers (such as servletexec) do not have such a choice. The following discusses the strategy for remapping the/servlet/url pattern for each Web application. The details of the global disable Activator servlet in Tomcat are provided later in this section.
4.1 Remapping/servlet/url Mode
It is easy to disallow the handling of URLs that start with http://host/webAppPrefix/servlet/in a particular Web application. All you need to do is create an error message servlet and use the Url-pattern element discussed in the previous section to turn all matching requests to that servlet. Just use it simply:
<url-pattern>/servlet/*</url-pattern>
As a pattern in the servlet-mapping element.
For example, listing 5-5 shows part of the deployment descriptor file that will associate the Sorryservlet servlet (listing 5-6) with all URLs beginning with http://host/webAppPrefix/servlet/.
Program Listings 5-5 Web.xml (description of JSP page named excerpt)
<?xml version= "1.0" encoding= "Iso-8859-1"?>
<! DOCTYPE Web-app
Public "-//sun Microsystems, INC.//DTD Web application 2.3//en"
"Http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<!--...-->
<servlet>
<servlet-name>Sorry</servlet-name>
<servlet-class>moreservlets. Sorryservlet</servlet-class>
</servlet>
<!--...-->
<servlet-mapping>
<servlet-name> Sorry </servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
<!--...-->
</web-app>
Program List 5-6 Sorryservlet.java
Package moreservlets;
Import java.io.*;
Import javax.servlet.*;
Import javax.servlet.http.*;
/** simple servlet used to give error messages to
* Users who try to access default servlet URLs
* (i.e., http://host/webAppPrefix/servlet/ServletName)
* In WEB applications so have disabled this
* Behavior.
* <P>
* Taken from the more servlets and JavaServer Pages
* FROM Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
*©2002 Marty Hall; May is freely used or adapted.
*/
public class Sorryservlet extends HttpServlet {
public void doget (HttpServletRequest request,
HttpServletResponse response)
Throws Servletexception, IOException {
Response.setcontenttype ("text/html");
PrintWriter out = Response.getwriter ();
String title = "Invoker Servlet Disabled."
Out.println (title) + Servletutilities.headwithtitle
"<body bgcolor=/" #FDF5E6/">/n" +
"<H2>" + title + ""Sorry, access to Servlets by means of/n" +
"URLs that begin with/n" +
"http://host/webAppPrefix/servlet//n" +
"has been disabled./n" +
"</BODY></HTML>");
}
public void DoPost (HttpServletRequest request,
HttpServletResponse response)
Throws Servletexception, IOException {
Doget (request, response);
}
}
4.2 Global Disable Activator: Tomcat
The method used in Tomcat 4 to close the default URL is very different from that used in Tomcat 3. These two methods are described below:
1. Disable Activator: Tomcat 4
Tomcat 4 Closes the activator servlet in the same way as before, using the url-mapping element in Web.xml to close. The difference is that Tomcat uses a server-specific global web.xml file that is placed in install_dir/conf, using the standard web.xml files stored in the Web-inf directory of each Web application.
Therefore, in order to turn off the activator servlet in Tomcat 4, simply annotate the/servlet/* URL mapping entry in Install_dir/conf/web.xml, as follows:
<!--
<servlet-mapping>
<servlet-name>invoker</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
-->
Again, note that this item is located in the install_dir/conf Tomcat-specific Web.xml file, which is not a standard web.xml stored in the Web-inf directory of each Web application.
2. Disable Activator: TOMCAT3
In version 3 of Apache Tomcat, the default servlet URL is globally blocked by annotating the Invokerinterceptor entry in Install_dir/conf/server.xml. For example, the following is part of a server.xml file that prohibits the use of the default Servlet URL.
<!--
<requsetinterceptor
Classname= "Org.apache.tomcat.request.InvokerInterceptor"
debug= "0" prefix= "/servlet/"/>
-->
5 initializing and preload servlet and JSP pages
This discusses ways to control the startup behavior of Servlet and JSP pages. In particular, describes how to assign initialization parameters and how to change the time that a server is loaded with servlet and JSP pages.
5.1 Assigning servlet initialization parameters
The Init-param element is used to provide initialization parameters to the servlet, and the Init-param element has param-name and param-value child elements. For example, in the following example, if the Initservlet servlet is accessed using its registered name (Inittest), it will be able to invoke Getservletconfig () from its method. Getinitpa
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
