Tomcat: The Definitive Guide, 2nd Edition

by Jason Brittain, Ian F. Darwin
October 2007
Content level: Intermediate to advanced
496 pages
16h 50m
English
O'Reilly Media, Inc.
Content preview from Tomcat: The Definitive Guide, 2nd Edition

Multiple Server Security Models

We strongly advise against sharing a filesystem directory between Apache httpd's document root tree and Tomcat's webapps tree. Although it could be convenient to put together a web application that is contained within one directory and takes advantage of features from both Apache httpd and Tomcat, the security implications of doing so are just too numerous to track and handle.

A common example of this: a company already has Apache httpd serving a PHP web application, and for whatever reason they want to also include some JSP pages and potentially Java servlets. They add the JSP files among the PHP files—in the same directory. They configure Tomcat to deploy one of the directories in Apache httpd's document root as a Tomcat webapp, even though it is already deployed in Apache httpd. Apache httpd handles the *.php files, and the developers configure Apache httpd to forward all requests for *.jsp to Tomcat. Works great, right? Because of the security issues with this configuration, we strongly advise you not to share deployment directories this way.
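An added example, not from the book: a small Python audit that flags any directory Apache httpd serves that Tomcat also deploys, which is the shared layout advised against here. The sample configs, `/opt/tomcat` as CATALINA_BASE and the function names are constructed assumptions; it reads only `server.xml` and assumes absolute httpd paths.

```python
import os
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample configs: httpd serves a directory that Tomcat also deploys.
HTTPD_CONF = '''
DocumentRoot "/var/www/site"
Alias /static /srv/static
'''
SERVER_XML = '''
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Context path="/shop" docBase="/var/www/site/"/>
  </Host>
</Engine></Service></Server>
'''

def httpd_dirs(conf):
    """Filesystem paths from DocumentRoot and Alias (the last argument of each)."""
    pat = re.compile(r'^[ \t]*(?:DocumentRoot|Alias)\s+(.+)$', re.I | re.M)
    return [shlex.split(args)[-1] for args in pat.findall(conf)]

def tomcat_dirs(server_xml, catalina_base):
    """Host appBase and Context docBase directories as absolute paths."""
    dirs = []
    for host in ET.fromstring(server_xml).iter('Host'):
        # A relative appBase resolves against CATALINA_BASE.
        app_base = os.path.join(catalina_base, host.get('appBase', 'webapps'))
        dirs.append(app_base)
        for ctx in host.iter('Context'):
            if ctx.get('docBase'):  # a relative docBase resolves against appBase
                dirs.append(os.path.join(app_base, ctx.get('docBase')))
    return dirs

def overlaps(a, b):
    """True if one directory equals or contains the other (symlinks not resolved)."""
    a, b = os.path.normpath(a), os.path.normpath(b)
    return os.path.commonpath([a, b]) in (a, b)

def shared_dirs(httpd_conf, server_xml, catalina_base='/opt/tomcat'):
    """(httpd_dir, tomcat_dir) pairs that both servers would serve from."""
    return [(h, t) for h in httpd_dirs(httpd_conf)
            for t in tomcat_dirs(server_xml, catalina_base) if overlaps(h, t)]

if __name__ == '__main__':
    for h, t in shared_dirs(HTTPD_CONF, SERVER_XML):
        print(f'SHARED: httpd serves {h}; Tomcat deploys {t}')
```

An empty result means no overlap was found in the files read; contexts defined outside `server.xml` need the same check.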

When sharing a physical directory of web pages between the Apache httpd web server and Tomcat on the same machine (or network filesystem), beware of interactions between their respective security models. This is particularly critical when you have "protected directories." If you're using the simplistic sharing modes detailed in Chapter 5, such as load sharing using separate port numbers or proxying from Apache ...

ISBN: 9780596101060