• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

deployment Descriptor Servlet mapping

 
Ranch Hand
Posts: 121
Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In the following code from the book headfirst jsp and servlets

Basically we are using a servlet-name to refer to the java class and than mapping that name to the url pattern which the client will see
So My question is cant we directly map the class to the url .
some what like


 
Ranch Hand
Posts: 147
Eclipse IDE Tomcat Server Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No. You must use both the <servlet> and the <servlet-mapping> section.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


Class needs to be the fully qualified package plus class name so the servlet container can find it. Classes used in servlets MUST be in packages to avoid all sorts of problems.

Way back at the beginning of the servlet API it was thought that it would be cool to allow for directly naming a servlet class in the URL. Thus we got the Invoker servlet.

These days everybody recognizes that this was a really really really bad idea since it prevented use of the full servlet API.

Bill
 
Pratik D mehta
Ranch Hand
Posts: 121
Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
yup
Thank you peter Nelson and William Brogden (the link was good read)
 
Ranch Hand
Posts: 300
Eclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Guys , but what are the benefits of having mapping in this way , did I miss anything ?

I still don't understand the motive behind such mapiing , having servlet mapped to name first and then name mapped to class or url-pattern .

I know this is the way it works but curious on "Why" part , why it was designed like this by Servlet designer.
 
Pratik D mehta
Ranch Hand
Posts: 121
Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The objective of this kind of mapping is
1 . The actual servlet name and location available on the server would not be visible to the user , which would be necessary for security .
2 . Than there would be an internal name for that servlet know among the deployers which would be Chapter1 Servlet in the above case as specified.
3. The class name would be specific to developers to be known among them .
4. Maintainence would be definately easy as we would not have to keep on changing each and every JSPs if the servlet name or anything else changes , we can directly change the web.xml mapping which is basically global mapping of servlets for that particular application .
This is the basic understanding i got from Head first .
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Also note that the "name" of a servlet class includes the package and may therefore be quite long.

Would your really like to type the whole com.mysite.stuff.thingee.BigServletWork name when mapping lets you call it "Work"? How prone to error is that?

Not even getting into the security hazard of having your whole package structure exposed everywhere.

Bill
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

William Brogden wrote:
Not even getting into the security hazard of having your whole package structure exposed everywhere.



I don't understand how that why separating servlet-class and url-pattern can prevent a security hazard. The 2 <servlet> and <servlet-mapping> are in the same document, any author of web.xml will be able to see the whole class name.

Would you mind explain further? Thanks
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The full package and class name would be exposed to ALL USERS of your application.

The web.xml file can not be seen by outside users.

Bill
 
T. Huy Nguyen
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Perhaps you're referring to the security hazard of using Invoker servlet? If so, then I understand.

If not, then I still haven't understood why separating servlet-class and url-pattern can prevent a security hazard. Thanks though.
 
Sheriff
Posts: 67749
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One reason is because a single servlet can have multiple mappings.

Sure that could still be done via single XML element if you wanted, but it'd be inconsistent with the rest of the XSD.
 
Look ma! I'm selling my stuff!
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic