• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Rob Spoor
  • Henry Wong
  • Liutauras Vilda
Saloon Keepers:
  • Tim Moores
  • Carey Brown
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh
  • Jj Roberts

Serving Static Content OUTSIDE Webapps Directory

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

I have a VirtualBox Ubuntu Server with Java 8 and Tomcat 8. I want to use Tomcat to serve all web content using it's webapps directory for all my Java apps and create a webdocs directory at the same level and permissions for all my static html websites.

I also have security that checks each URL serving a login if necessary so serving my static html can't be based on the URL path. I want to replicate Apache2's ability to match a domain name and serve the associated docBase. The following is my server.xml attempting to add a Context Path for my static html within the Engine tag:

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--


<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />

</Host>

<Host name="myets.us" appBase="webdocs">
<Alias>www.myets.us</Alias>
<Context path="" docBase="/mywebsql/" />
</Host>

I've tried variations of the above, but get 404 codes or access denied. I'm sure there is conflict with my web.xml where security is designed to intercept each URL. As I said, I need to keep security doing the same, but want domain names to resolve to the docBase similar to what Apache2 does.

Lastly, how can I use domain names instead of 192.168.x.x:8080/ to mimic my production server? Is there a way to do that on my laptop running VirtualBox?

Any help would be greatly appreciated.

Thanks,

Brandon

P.S. I know I have to setup my IPTable Rules to reroute 8080 to 80 and 8443 to 443 and next get multiple SSL certificates configured in Tomcat. I'm taking each of these configurations in steps.
 
Brandon Hofmann
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
UPDATE: I was able to get Tomcat to host my static html OUTSIDE of webapps using a new Host and Context element in my sever.xml:



The appBase defines the location of my static html and docBase defines the folder containing the website's specific html relative to appBase. The name and alias attributes define the domain name requests Tomcat will match and serve NOT DEPENDENT on the path of the URL.
 
Saloon Keeper
Posts: 23409
159
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Brandon!

Properly, a J(2)EE web application is completely self-contained. Everything is within the WAR, and in its most standards-compliant form, the WAR is a single file (not unzipped/exploded).

If you want to serve up content from outside the WAR, you'd need to create another webapp to serve it up from. That's basically what you've done. The extra Host definition isn't strictly necessary, but I am a little surprised that you got it to work without the proper WAR structure (including a WEB-INF/web.xml file).

It is not necessary to locate files outside of a WAR to allow them to be served up in a secure environment. All that's needed is proper configuration of the security rules in web.xml. The one thing you never want to do is make a rule that secures "/*", since that gets you into a chicken-and-egg problem. Not only does it block access to any scripts and CSS until you've logged in, it can potentially block access to the login page itself.

One very important note: The J2EE container security mechanism secures URL paths, not Resource paths. In other words, if you have a rule that secures URLs of the form "http://myserver/myapp/admin*", the only reason that files in the war's /admin directory are secured is because the default servlet converts URL paths to resource paths in a fairly straight mechanism. If I wrote a servlet that kept user IDs and passwords under the resource path of /admin/password, but the servlet's path was /utils/useradmin, then the /admin/password resource wouldn't be protected by the web.xml. You'd need an actual /admin/* or /admin/password rule to block direct access to the passwords themselves.

Incidentally, Tomcat eases the "everything under the WAR" rule. You can make a symbolic link in the filesystem so that, for example, "/images" actually refers to /var/www/site-images or something like that. However it requires setting a Tomcat configuration option. By default Tomcat won't follow symlinks because they're a potential security hole.

It's actually not a bad idea to put common resources in a shared common resource webapp distinct from the business-logic webapp. That can give all your internal webapps a standard look-and-feel option.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Placing static files in a .war or webapp is not an option for me because
my static files are dynamically unloaded from a database and can also be extended by uploades.
How can i download such semi-static files? Simply write them out over getOutputStream is not an option because of ne featues like Range-Headers oder ETAG handling.
Is there no standard way to let tomcat handle external files like file in a webapp?
 
Tim Holloway
Saloon Keeper
Posts: 23409
159
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No. there is no support in JEE for returning the contents of file or other non-static external datasources. It is required that you write your own custom servlet or copy one from someone else.

I'm afraid that I cannot understand the meaning of "Range Headers or ETAG handling". If you are referring to HTTP Range requests, it is your output servlet's task to determine what part of the content to return to the client in your HTTP Response Stream. And to set the necessary extra HTTP headers and MIME (Content-type) information.
 
Saloon Keeper
Posts: 12806
278
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't get it. Your files don't sound static at all. Why not just store them in a database as blobs?
 
Listen. That's my theme music. That's how I know I'm a super hero. That, and this tiny ad told me:
SKIP - a book about connecting industrious people with elderly land owners
https://coderanch.com/t/skip-book
reply
    Bookmark Topic Watch Topic
  • New Topic