root/main/trunk/greenstone3/web/WEB-INF/web.xml @ 26576

Revision 26576, 12.6 KB (checked in by ak19, 7 years ago)

Deny access to the Greenstone 3 log files, with greenstone.log particularly in mind. The change is made to web.xml, which will make it easier for users to choose to allow public access to these logs if they want to share the contents with the mailing list were they to encounter any GS3 problems.

  • Property svn:keywords set to Author Date Id Revision
Line 
1<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
2<!-- this is based on a sample web.xml file provided by
3http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/web.xml.txt
4-->
5<web-app>
6    <display-name>GSDL3</display-name>
7    <description>
8        Greenstone digital library version 3.
9    </description>
10 
11    <filter>
12        <filter-name>Greenstone URL Filter</filter-name>
13        <filter-class>org.greenstone.gsdl3.core.URLFilter</filter-class>
14    </filter>
15
16    <filter-mapping>
17        <filter-name>Greenstone URL Filter</filter-name>
18        <url-pattern>*</url-pattern>
19    </filter-mapping>
20 
21    <!-- Context initialization parameters that define shared
22    String constants used within your application, which
23    can be customized by the system administrator who is
24    installing your application.  The values actually
25    assigned to these parameters can be retrieved in a
26    servlet or JSP page by calling:
27
28    String value =
29    getServletContext().getInitParameter("name");
30
31    where "name" matches the <param-name> element of
32    one of these initialization parameters.
33
34    You can define any number of context initialization
35    parameters, including zero.
36    -->
37 
38    <context-param>
39        <param-name>webmaster</param-name>
40        <param-value>greenstone3@list.scms.waikato.ac.nz</param-value>
41        <description>
42            The EMAIL address of the administrator to whom questions
43            and comments about this application should be addressed.
44        </description>
45    </context-param>
46 
47
48    <!-- Servlet definitions for the servlets that make up
49    your web application, including initialization
50    parameters.  With Tomcat, you can also send requests
51    to servlets not listed here with a request like this:
52
53    http://localhost:8080/{context-path}/servlet/{classname}
54
55    but this usage is not guaranteed to be portable.  It also
56    makes relative references to images and other resources
57    required by your servlet more complicated, so defining
58    all of your servlets (and defining a mapping to them with
59    a servlet-mapping element) is recommended.
60
61    Servlet initialization parameters can be retrieved in a
62    servlet or JSP page by calling:
63
64    String value =
65    getServletConfig().getInitParameter("name");
66
67    where "name" matches the <param-name> element of
68    one of these initialization parameters.
69
70    You can define any number of servlets, including zero.
71    -->
72
73    <servlet>
74        <servlet-name>tester</servlet-name>
75        <description>a test servlet</description>
76        <servlet-class>TestServlet</servlet-class>
77    </servlet>
78 
79    <!-- For client side text fetching -->
80    <servlet>
81        <servlet-name>grabtext</servlet-name>
82        <description>Grabs text for client-side display with minimal overhead.</description>
83        <servlet-class>org.greenstone.gsdl3.ClientSideServlet</servlet-class>
84    </servlet>
85 
86 
87    <servlet>
88        <servlet-name>library</servlet-name>
89        <description>The standard gsdl3 library program</description>
90        <servlet-class>org.greenstone.gsdl3.LibraryServlet</servlet-class>
91        <init-param>
92            <param-name>library_name</param-name>
93            <param-value>library</param-value>
94        </init-param>
95        <init-param>
96            <param-name>site_name</param-name>
97            <param-value>localsite</param-value>
98        </init-param>
99        <init-param>
100            <param-name>interface_name</param-name>
101            <param-value>default</param-value>
102        </init-param>
103        <init-param>
104            <param-name>receptionist_class</param-name>
105            <param-value>DefaultReceptionist</param-value>
106        </init-param>
107        <init-param>
108            <param-name>default_lang</param-name>
109            <param-value>en</param-value>
110        </init-param>
111    </servlet>
112 
113    <servlet>
114        <servlet-name>gs2-library</servlet-name>
115        <description>Greenstone 2 lookalike library program: uses localsite with the gs2 interface</description>
116        <servlet-class>org.greenstone.gsdl3.LibraryServlet</servlet-class>
117        <init-param>
118            <param-name>library_name</param-name>
119            <param-value>gs2-library</param-value>
120        </init-param>
121        <init-param>
122            <param-name>site_name</param-name>
123            <param-value>localsite</param-value>
124        </init-param>
125        <init-param>
126            <param-name>interface_name</param-name>
127            <param-value>gs2</param-value>
128        </init-param>
129        <init-param>
130            <param-name>default_lang</param-name>
131            <param-value>en</param-value>
132        </init-param>
133        <init-param>
134            <param-name>session_expiration</param-name>
135            <param-value>1800</param-value>
136        </init-param>
137        <init-param>
138            <param-name>params_class</param-name>
139            <param-value>GS2Params</param-value>
140        </init-param>
141    </servlet>
142 
143    <servlet>
144        <servlet-name>nzdl-library</servlet-name>
145        <description>gsdl3 library program</description>
146        <servlet-class>org.greenstone.gsdl3.LibraryServlet</servlet-class>
147        <init-param>
148            <param-name>library_name</param-name>
149            <param-value>nzdl</param-value>
150        </init-param>
151        <init-param>
152            <param-name>site_name</param-name>
153            <param-value>nzdl</param-value>
154        </init-param>
155        <init-param>
156            <param-name>interface_name</param-name>
157            <param-value>nzdl</param-value>
158        </init-param>
159        <init-param>
160            <param-name>default_lang</param-name>
161            <param-value>en</param-value>
162        </init-param>
163        <init-param>
164            <param-name>params_class</param-name>
165            <param-value>NZDLParams</param-value>
166        </init-param>
167        <init-param>
168            <param-name>session_expiration</param-name>
169            <param-value>600</param-value>
170        </init-param>
171  </servlet>
172
173    <servlet>
174        <servlet-name>gateway</servlet-name>
175        <description>gsdl3 library based on gateway site and basic interface. It uses SOAP to talk to localsite</description>
176        <servlet-class>org.greenstone.gsdl3.LibraryServlet</servlet-class>
177        <init-param>
178            <param-name>library_name</param-name>
179            <param-value>gateway</param-value>
180        </init-param>
181        <init-param>
182            <param-name>site_name</param-name>
183            <param-value>gateway</param-value>
184        </init-param>
185        <init-param>
186            <param-name>interface_name</param-name>
187            <param-value>basic</param-value>
188        </init-param>
189        <init-param>
190            <param-name>default_lang</param-name>
191            <param-value>en</param-value>
192        </init-param>
193    </servlet>
194 
195    <servlet>
196        <servlet-name>basic-library</servlet-name>
197        <description>basic gsdl3 library program: uses localsite and the basic interface</description>
198        <servlet-class>org.greenstone.gsdl3.LibraryServlet</servlet-class>
199        <init-param>
200            <param-name>library_name</param-name>
201            <param-value>basic-library</param-value>
202        </init-param>
203        <init-param>
204            <param-name>site_name</param-name>
205            <param-value>localsite</param-value>
206        </init-param>
207        <init-param>
208            <param-name>interface_name</param-name>
209            <param-value>basic</param-value>
210        </init-param>
211        <init-param>
212            <param-name>default_lang</param-name>
213            <param-value>en</param-value>
214        </init-param>
215        <!--<init-param>
216            <param-name>allow_client_side_xslt</param-name>
217            <param-value>true</param-value>
218        </init-param>-->
219    </servlet>
220
221    <!-- axis servlets -->
222    <servlet>
223        <servlet-name>AxisServlet</servlet-name>
224        <display-name>Apache-Axis Servlet</display-name>
225        <servlet-class>
226            org.apache.axis.transport.http.AxisServlet
227        </servlet-class>
228    </servlet>
229
230    <servlet>
231        <servlet-name>AdminServlet</servlet-name>
232        <display-name>Axis Admin Servlet</display-name>
233        <servlet-class>
234            org.apache.axis.transport.http.AdminServlet
235        </servlet-class>
236        <load-on-startup>100</load-on-startup>
237    </servlet>
238
239    <servlet>
240        <servlet-name>SOAPMonitorService</servlet-name>
241        <display-name>SOAPMonitorService</display-name>
242        <servlet-class>
243            org.apache.axis.monitor.SOAPMonitorService
244        </servlet-class>
245        <init-param>
246            <param-name>SOAPMonitorPort</param-name>
247            <param-value>5001</param-value>
248        </init-param>
249        <load-on-startup>100</load-on-startup>
250    </servlet>
251   
252    <servlet>
253        <servlet-name>oaiserver</servlet-name>
254        <description>an oai servlet</description>
255        <servlet-class>org.greenstone.gsdl3.OAIServer</servlet-class>
256        <init-param>
257            <param-name>default_lang</param-name>
258            <param-value>en</param-value>
259        </init-param>
260        <init-param>
261            <param-name>site_name</param-name>
262            <!-- More than one site name can be specified using the comma separation style: localsite1,localsite2 -->
263            <param-value>localsite</param-value>
264        </init-param>
265    </servlet>
266   
267    <servlet>
268        <servlet-name>mat</servlet-name>
269        <description>Metadata Analysis Tool</description>
270        <servlet-class>org.greenstone.mat.servlet.MatServlet</servlet-class>
271    </servlet>
272
273
274
275
276 
277    <!-- Define mappings that are used by the servlet container to
278         translate a particular request URI (context-relative) to a
279         particular servlet.  The examples below correspond to the
280         servlet descriptions above.  Thus, a request URI like:
281
282           http://localhost:8080/{contextpath}/graph
283
284         will be mapped to the "graph" servlet, while a request like:
285
286           http://localhost:8080/{contextpath}/saveCustomer.do
287
288         will be mapped to the "controller" servlet.
289
290        Note: context path is determined by the servlet container -
291        in Tomcat, specified in server.xml -kjdon
292       
293         You may define any number of servlet mappings, including zero.
294         It is also legal to define more than one mapping for the same
295         servlet, if you wish to.
296    -->
297    <!--
298   
299    <servlet-mapping>
300      <servlet-name>controller</servlet-name>
301      <url-pattern>*.do</url-pattern>
302    </servlet-mapping>
303
304    <servlet-mapping>
305      <servlet-name>graph</servlet-name>
306      <url-pattern>/graph</url-pattern>
307    </servlet-mapping>
308    -->
309   
310
311<!--There is no need for this mapping, I think -->
312    <servlet-mapping>
313        <servlet-name>oaiserver</servlet-name>
314        <url-pattern>/oaiserver</url-pattern>
315    </servlet-mapping>
316
317    <servlet-mapping>
318        <servlet-name>nzdl-library</servlet-name>
319        <url-pattern>/nzdl</url-pattern>
320    </servlet-mapping>
321    <servlet-mapping>
322        <servlet-name>tester</servlet-name>
323        <url-pattern>/testing</url-pattern>
324    </servlet-mapping>
325 
326    <servlet-mapping>
327        <servlet-name>library</servlet-name>
328        <url-pattern>/library/*</url-pattern>
329    </servlet-mapping>
330
331    <servlet-mapping>
332        <servlet-name>gs2-library</servlet-name>
333        <url-pattern>/gs2-library</url-pattern>
334    </servlet-mapping>
335 
336    <servlet-mapping>
337        <servlet-name>gateway</servlet-name>
338        <url-pattern>/gateway</url-pattern>
339    </servlet-mapping>
340 
341    <servlet-mapping>
342        <servlet-name>basic-library</servlet-name>
343        <url-pattern>/basic-library</url-pattern>
344    </servlet-mapping>
345
346    <servlet-mapping>
347        <servlet-name>grabtext</servlet-name>
348        <url-pattern>/grabtext</url-pattern>
349    </servlet-mapping>
350 
351    <!-- axis mappings -->
352    <servlet-mapping>
353        <servlet-name>AxisServlet</servlet-name>
354        <url-pattern>/servlet/AxisServlet</url-pattern>
355    </servlet-mapping>
356
357    <servlet-mapping>
358        <servlet-name>AxisServlet</servlet-name>
359        <url-pattern>*.jws</url-pattern>
360    </servlet-mapping>
361
362    <servlet-mapping>
363        <servlet-name>AxisServlet</servlet-name>
364        <url-pattern>/services/*</url-pattern>
365    </servlet-mapping>
366   
367    <servlet-mapping>
368        <servlet-name>mat</servlet-name>
369        <url-pattern>/mat</url-pattern>
370    </servlet-mapping>
371
372
373  <!-- uncomment this if you want to use the SOAPMonitorService. You will also
374  need to copy the SOAPMonitorApplet*.class files from
375  gsdl3/comms/soap/axis/web/WEB-INF/classes to the gsdl3/web directory. See the
376  comms/soap/axis/docs/install.html Appendix for details about how to use this -->
377  <!--
378  <servlet-mapping>
379    <servlet-name>SOAPMonitorService</servlet-name>
380    <url-pattern>/SOAPMonitor</url-pattern>
381  </servlet-mapping>
382  -->
383  <!-- uncomment this if you want the admin servlet -->
384  <!--
385  <servlet-mapping>
386    <servlet-name>AdminServlet</servlet-name>
387    <url-pattern>/servlet/AdminServlet</url-pattern>
388  </servlet-mapping>
389  -->
390
391  <!-- Define the default session timeout for your application,
392  in minutes.  From a servlet or JSP page, you can modify
393  the timeout for a particular session dynamically by using
394  HttpSession.getMaxInactiveInterval(). -->
395
396  <session-config>
397    <session-timeout>240</session-timeout>    <!-- 4 hours -->
398  </session-config>
399
400  <!-- axis mime-mappings -->
401  <mime-mapping>
402    <extension>wsdl</extension>
403    <mime-type>text/xml</mime-type>
404  </mime-mapping>
405 
406  <mime-mapping>
407    <extension>xsd</extension>
408    <mime-type>text/xml</mime-type>
409  </mime-mapping>
410
411<!-- Deny access to contents of URL pattern /logs/*, although greenstone.log is the important one. It appears the url pattern has to be relative to the web directory.
412http://stackoverflow.com/questions/5333266/tomcat-deny-access-to-specific-files
413and http://www.coderanch.com/t/84442/Tomcat/write-correct-url-pattern-security -->
414  <security-constraint>
415    <web-resource-collection>
416        <web-resource-name>log files</web-resource-name>
417        <description>No direct access to greenstone's logs.</description>
418        <url-pattern>/logs/*</url-pattern>
419        <http-method>POST</http-method>
420        <http-method>GET</http-method>
421    </web-resource-collection>
422    <auth-constraint>
423        <description>No direct browser access to log files.</description>
424        <role-name>NobodyHasThisRole</role-name>
425    </auth-constraint>
426  </security-constraint>
427
428</web-app>
Note: See TracBrowser for help on using the browser.