Because Tomcat 5.5 requires Java 1.5, but the SuSE SLES 9 64-bit distribution ships Java 1.4, version 5.0.28 (stable) is downloaded from http://tomcat.apache.org/ and used instead. The archive is unpacked into /srv/www/tomcat5. The examples and the webapps that are not needed were then removed.
/etc/profile.d/java.sh
export JAVA_HOME="/usr/java/j2re1.4.2_02"
export JAVA_PATH="$JAVA_HOME"
export PATH="$PATH:$JAVA_HOME/bin"
With Apache acting as a reverse proxy via mod_proxy and mod_rewrite, individual webapps can be addressed separately. Communication with the Tomcat server goes through the reverse proxy (unencrypted). The service on port 83 is additionally to be SSL-encrypted.
loadmodules.conf
LoadModule proxy_module /usr/lib64/apache2-worker/mod_proxy.so
LoadModule proxy_connect_module /usr/lib64/apache2-worker/mod_proxy_connect.so
LoadModule proxy_http_module /usr/lib64/apache2-worker/mod_proxy_http.so
LoadModule rewrite_module /usr/lib64/apache2-worker/mod_rewrite.so
SSL certificates for Apache are to be stored in the directory certs.
Create the directory for certificates
mkdir -p certs
cd certs
Generate the RSA private key
openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...........................................++++++
.........................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: *****
Verifying - Enter pass phrase for server.key: *****
Create the PEM file (RSA key without pass phrase)
openssl rsa -in server.key -out server.pem
Enter pass phrase for server.key:
writing RSA key
Generate a certificate signing request (CSR), e.g. for cacert.org
openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Hessen
Locality Name (eg, city) []:Darmstadt
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tiri Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:java.tiri.li
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Check the CSR
openssl req -text -noout -in server.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=DE, ST=Hessen, L=Darmstadt, O=tiri Ltd., CN=java.tiri.li
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
This CSR must be submitted to the certificate authority so that a corresponding certificate can be issued.
Create a self-signed certificate
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=DE/ST=Hessen/L=Darmstadt/O=tiri Ltd./CN=java.tiri.li
Getting Private key
Enter pass phrase for server.key:
Adjust the file names
cd /etc/apache2/certs
# rename server.* to java.tiri.li.*
for i in server.*
do
    mv "$i" "$(echo "$i" | sed -e "s|server|java.tiri.li|g")"
done
Check the certificate
openssl x509 -noout -text -in java.tiri.li.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 124462 (0x1e62e)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
Not Before: Feb 7 15:15:11 2006 GMT
Not After : Aug 6 15:15:11 2006 GMT
Subject: CN=java.tiri.li
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:81:cd:f2:f0:7c:d0:95:50:9a:2d:80:37:6b:
b0:cf:5b:4d:df:ae:f1:9d:25:ad:a9:dc:2d:c6:bd:
...
32:55:77:40:19:83:96:51:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
X509v3 Key Usage:
Digital Signature, Key Encipherment
Authority Information Access:
OCSP - URI:http://ocsp.cacert.org
X509v3 Subject Alternative Name:
DNS:java.tiri.li, othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
c9:40:40:81:69:f3:2b:f9:03:7e:58:71:3d:40:2d:ed:a5:8c:
...
1e:67:42:b6:d8:ca:c7:3e:c7:a4:9e:54:88:a4:c0:0e:ab:ea:
8e:f4:e5:99:84:4b:7e:a7
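The two "check" steps above can be automated. The following is an added example, not part of the original page: it reads the text that openssl req -text or openssl x509 -text prints and reports short RSA keys, MD5/SHA-1 signatures and whether a host name is covered. The function names, the 2048-bit threshold and the embedded excerpts are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `openssl req -text` / `openssl x509 -text` output.
# Thresholds are this example's assumptions: RSA < 2048 bit, MD5/SHA-1 signatures.

# Reads openssl text output on stdin, prints one finding per line.
audit_openssl_text() {
    awk '
    # Old OpenSSL prints "RSA Public Key: (1024 bit)", newer "Public-Key: (2048 bit)".
    /Public[ -]Key: \([0-9]+ bit\)/ {
        bits = $0
        sub(/.*\(/, "", bits); sub(/ bit\).*/, "", bits)
        if (bits + 0 < 2048) print "WEAK_KEY " bits
    }
    # A certificate names its signature algorithm twice; report it once.
    /Signature Algorithm:/ {
        alg = $NF
        if (!(alg in seen)) {
            seen[alg] = 1
            if (tolower(alg) ~ /^(md5|sha1)/) print "WEAK_SIG " alg
        }
    }'
}

# Prints the subject CN and each DNS subjectAltName, one per line.
cert_names() {
    awk '
    /Subject:.*CN=/ {
        cn = $0
        sub(/.*CN=/, "", cn); sub("[,/].*", "", cn)
        print cn
    }
    /DNS:/ {
        n = split($0, f, ", *")
        for (i = 1; i <= n; i++) {
            gsub(/^ +/, "", f[i])
            if (f[i] ~ /^DNS:/) print substr(f[i], 5)
        }
    }'
}

# True if the host name in $1 is listed exactly (wildcards are not evaluated).
covers_host() { cert_names | grep -Fxq -- "$1"; }

# Excerpts of the CSR and certificate output shown above (hex dumps left out).
sample_csr() {
    cat <<'EOF'
Subject: C=DE, ST=Hessen, L=Darmstadt, O=tiri Ltd., CN=java.tiri.li
RSA Public Key: (1024 bit)
Signature Algorithm: md5WithRSAEncryption
EOF
}
sample_cert() {
    cat <<'EOF'
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Subject: CN=java.tiri.li
RSA Public Key: (1024 bit)
DNS:java.tiri.li, othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
EOF
}

echo "CSR findings:";         sample_csr  | audit_openssl_text
echo "Certificate findings:"; sample_cert | audit_openssl_text
sample_cert | covers_host java.tiri.li && echo "certificate covers java.tiri.li"
```

Against real files the input comes from openssl itself, for example openssl x509 -noout -text -in java.tiri.li.crt | audit_openssl_text.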
The Java web application is called javatest and is to run SSL-encrypted on port 83. The connection to the Tomcat server via localhost (port 9080) is unencrypted.
tomcat5-ssl.conf
Listen 83
<VirtualHost *:83>
ServerName java.tiri.li
ServerAdmin info@tiri.li
DocumentRoot "/srv/www/tomcat5/webapps"
ErrorLog /var/log/apache2/java.tiri.li-error.log
# Allow accessing the document root directory
<Directory "/srv/www/tomcat5/webapps">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Log only non-redirect requests in "normal" log file
SetEnvIf Request_URI "\/javatest\/*" redirect
CustomLog /var/log/apache2/java.tiri.li-access-redirect.log common env=redirect
CustomLog /var/log/apache2/java.tiri.li-access.log common env=!redirect
RewriteEngine on
RewriteLog /var/log/apache2/java.tiri.li-rewrite.log
RewriteLogLevel 9
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}" !-f
RewriteRule .* http://127.0.0.1:9080/javatest/%{REQUEST_URI}&%{QUERY_STRING} [P]
RedirectPermanent /javatest/ http://java.tiri.li/
ProxyPass /javatest/ !
ProxyPass / http://127.0.0.1:9080/javatest/
ProxyPassReverse / http://127.0.0.1:9080/javatest/
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /etc/apache2/certs/java.tiri.li.crt
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/apache2/certs/java.tiri.li.key
SSLCertificateKeyFile /etc/apache2/certs/java.tiri.li.pem
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/apache2/ssl.crt
SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables for backward compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
# to provide compatibility to existing CGI scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/java.tiri.li-ssl_request_log ssl_combined
</VirtualHost>
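The SSLCipherSuite string in this virtual host starts from ALL and excludes only ADH and EXPORT56. The following is an added example, not part of the original configuration: it evaluates a cipher string with a simplified model of the OpenSSL rules ("!" removes permanently, "-" removes, "+" only reorders) and lists the weak classes that stay enabled. The function names, the list of classes and the commented-out sample line are assumptions of this example; HIGH, MEDIUM and DEFAULT are not modelled.

```shell
#!/bin/sh
# Added example: which weak cipher classes does an SSLCipherSuite string leave enabled?
# Simplified model: only ALL, COMPLEMENTOFALL and the class names below add ciphers.

# Prints the value of every active (uncommented) SSLCipherSuite directive on stdin.
extract_cipher_suite() {
    sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]][[:space:]]*//p'
}

# Prints the weak classes still enabled by the cipher string in $1, space separated.
audit_cipher_string() {
    printf '%s\n' "$1" | awk -F: '
    BEGIN {
        n = split("SSLv2 EXP LOW RC4 MD5 eNULL", cls, " ")
        alias["EXPORT"] = "EXP"; alias["NULL"] = "eNULL"
    }
    function canon(t) { return (t in alias) ? alias[t] : t }
    {
        for (i = 1; i <= NF; i++) {
            tok = $i; op = substr(tok, 1, 1)
            if (tok == "" || op == "@") continue        # e.g. @STRENGTH only sorts
            if (op == "+") continue                     # "+X" reorders, never adds
            if (op == "!" || op == "-") tok = substr(tok, 2); else op = ""
            m = split(tok, part, "[+]")                 # "RC4+RSA" = RC4 AND RSA
            for (k = 1; k <= n; k++) {
                c = cls[k]                              # ALL does not contain eNULL
                all = (tok == "ALL" && c != "eNULL") || (tok == "COMPLEMENTOFALL" && c == "eNULL")
                if (op == "") {                         # plain token: adds ciphers
                    hit = all
                    for (j = 1; j <= m; j++) if (canon(part[j]) == c) hit = 1
                    if (hit && !killed[c]) on[c] = 1
                } else if (all || (m == 1 && canon(tok) == c)) {
                    on[c] = 0                           # "-X" removes, may be re-added
                    if (op == "!") killed[c] = 1        # "!X" removes permanently
                }
            }
        }
    }
    END {
        out = ""
        for (k = 1; k <= n; k++) if (on[cls[k]]) out = out (out == "" ? "" : " ") cls[k]
        print out
    }'
}

# Constructed sample: TLS lines of the tomcat5-ssl.conf above plus one commented line.
page_vhost() {
    cat <<'EOF'
<VirtualHost *:83>
SSLEngine on
# SSLCipherSuite HIGH:MEDIUM
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
EOF
}

suite=$(page_vhost | extract_cipher_suite)
echo "page string leaves enabled: $(audit_cipher_string "$suite")"
echo "HIGH:!aNULL:!MD5 leaves enabled: $(audit_cipher_string 'HIGH:!aNULL:!MD5')"
```

The exact suites that the installed OpenSSL derives from a string are shown by openssl ciphers -v 'STRING' on the server itself.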
conf/server.xml
<Server port="9005" shutdown="SHUTDOWN">
<GlobalNamingResources>
<!-- Used by Manager webapp -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="9080" />
<!-- This is here for compatibility only, not required -->
<Connector port="9009" protocol="AJP/1.3" />
<Engine name="Catalina" defaultHost="localhost">
<Logger className="org.apache.catalina.logger.FileLogger" />
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
<Host name="localhost" appBase="webapps" />
</Engine>
</Service>
</Server>
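Because the connection between Apache and Tomcat on port 9080 is unencrypted, it matters which interfaces the connectors listen on; a Connector without an address attribute listens on all of them. The following is an added example, not part of the original server.xml: it lists the connectors that are not bound to loopback. The function names and the second sample (with address="127.0.0.1" and the AJP connector commented out) are assumptions of this example.

```shell
#!/bin/sh
# Added example: list Tomcat connectors in a server.xml that are not bound to loopback.
# Assumption: binding is restricted with the Connector attribute address="127.0.0.1".

# Reads server.xml on stdin; prints "port protocol" for every exposed connector.
exposed_connectors() {
    awk '
    function attr(s, name) {
        if (!match(s, " " name "=\"[^\"]*\"")) return ""
        return substr(s, RSTART + length(name) + 3, RLENGTH - length(name) - 4)
    }
    { xml = xml " " $0 }                  # join lines: an element may span several
    END {
        # Drop XML comments so a commented-out connector is not reported.
        while ((s = index(xml, "<!--")) > 0) {
            rest = substr(xml, s + 4)
            e = index(rest, "-->")
            xml = substr(xml, 1, s - 1) (e ? substr(rest, e + 3) : "")
        }
        n = split(xml, el, "<")
        for (i = 1; i <= n; i++) {
            if (el[i] !~ "^Connector[ />]") continue
            addr = attr(el[i], "address")
            if (addr == "127.0.0.1" || addr == "localhost" || addr == "::1") continue
            proto = attr(el[i], "protocol")   # HTTP/1.1 is the default protocol
            print attr(el[i], "port"), (proto == "" ? "HTTP/1.1" : proto)
        }
    }'
}

# The Service part of the server.xml shown above.
page_server_xml() {
    cat <<'EOF'
<Service name="Catalina">
<Connector port="9080" />
<!-- This is here for compatibility only, not required -->
<Connector port="9009" protocol="AJP/1.3" />
</Service>
EOF
}

# Constructed variant: HTTP connector bound to loopback, AJP connector commented out.
bound_server_xml() {
    cat <<'EOF'
<Service name="Catalina">
<Connector port="9080"
           address="127.0.0.1" />
<!-- <Connector port="9009" protocol="AJP/1.3" /> -->
</Service>
EOF
}

echo "exposed in the page's server.xml:"; page_server_xml | exposed_connectors
echo "exposed in the bound variant:";     bound_server_xml | exposed_connectors
```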
/etc/rc.d/init.d/tomcat5
#! /bin/sh
# /etc/init.d/tomcat5
# System startup script for the Tomcat servlet container
#
### BEGIN INIT INFO
# Provides: tomcat5
# Required-Start: $local_fs $remote_fs
# X-UnitedLinux-Should-Start: $named $syslog $time
# Required-Stop: $local_fs $remote_fs
# X-UnitedLinux-Should-Stop: $named $syslog $time
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Tomcat Servlet Container
# Description: Start Tomcat to allow JAVA server pages
### END INIT INFO
tomcatIsRunning()
{
tomcat_ps_log=`mktemp /var/tmp/tomcat-ps.log.XXXXXX`
ps aux --cols 1024 >"$tomcat_ps_log"
tomcat_is_running="false"
if grep " -Dcatalina.base=$CATALINA_BASE.*-Dcatalina.home=$CATALINA_HOME.*org.apache.catalina.startup.Bootstrap" "$tomcat_ps_log" >/dev/null 2>/dev/null ; then
tomcat_is_running="true"
fi
rm -f "$tomcat_ps_log"
test "$tomcat_is_running" = "true"
}
# Check for missing binaries and configuration
# Note: Special treatment of stop for LSB conformance
TOMCAT_CONFIG=/etc/sysconfig/tomcat5
test -r "$TOMCAT_CONFIG" || { echo "$TOMCAT_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Read config
. "$TOMCAT_CONFIG"
#CATALINA_HOME="$CATALINA_HOME_4"
#CATALINA_BASE="$CATALINA_BASE_4"
# defaults CATALINA_BASE to CATALINA_HOME
test -n "$CATALINA_BASE" || CATALINA_BASE="$CATALINA_HOME"
test -x "$CATALINA_HOME/bin/startup.sh" || { echo "$CATALINA_HOME/bin/startup.sh not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
test -x "$CATALINA_HOME/bin/shutdown.sh" || { echo "$CATALINA_HOME/bin/shutdown.sh not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# is the BASE valid?
test -d "$CATALINA_BASE/webapps" || test -L "$CATALINA_BASE/webapps" || { echo "$CATALINA_BASE/webapps not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# the following variables affects the server
export CATALINA_HOME CATALINA_BASE
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num><num>
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
. /etc/rc.status
# First reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting Tomcat ($CATALINA_BASE)"
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriately.
# NOTE: startproc return 0, even if service is
# already running to match LSB spec.
if tomcatIsRunning ; then
rc_failed 0
else
# try to fix permissions
chown --dereference tomcat:tomcat "$CATALINA_BASE"
for dir in "$CATALINA_BASE/conf" \
"$CATALINA_BASE/logs" \
"$CATALINA_BASE/temp" \
"$CATALINA_BASE/webapps" \
"$CATALINA_BASE/work" ; do
# the command true is used because, for example, the conf directory may be mounted read-only
test -d "$dir" && chown -R --dereference tomcat:tomcat "$dir" 2>/dev/null || true
done
su tomcat -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs/start.log" 2>&1
sleep 1
if tomcatIsRunning ; then
rc_failed 0
else
rc_failed 7
fi
fi
rc_status -v
;;
stop)
echo -n "Shutting down Tomcat ($CATALINA_BASE)"
## Stop daemon with killproc(8) and if this fails
## set the echo return value.
if tomcatIsRunning ; then
su tomcat -s /bin/bash -c "$CATALINA_HOME/bin/shutdown.sh" >"$CATALINA_BASE/logs/stop.log" 2>&1
# wait 60 sec for stop at maximum
wait_sec=60
while [ "$wait_sec" != "0" ] ; do
sleep 1
if ! tomcatIsRunning ; then
# the Tomcat server is stopped, end the loop
wait_sec=0
break
fi
wait_sec=$((wait_sec -1))
done
# check the final status
if tomcatIsRunning ; then
rc_failed 1
else
rc_failed 0
fi
else
rc_failed 0
fi
# Remember status and be verbose
rc_status -v
;;
try-restart)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart.
echo -n "Reload service Tomcat ($CATALINA_BASE)"
## if it supports it:
#killproc -HUP $TOMCAT_BIN
#touch /var/run/FOO.pid
#rc_status -v
## Otherwise:
$0 stop && $0 start
rc_status
;;
reload)
## Like force-reload, but if daemon does not support
## signalling, do nothing (!)
# If it supports signalling:
#echo -n "Reload service FOO"
#killproc -HUP $TOMCAT_BIN
#touch /var/run/FOO.pid
#rc_status -v
## Otherwise if it does not support reload:
rc_failed 3
rc_status -v
;;
status)
echo -n "Checking for Tomcat ($CATALINA_BASE)"
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return values are slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
if tomcatIsRunning ; then
rc_failed 0
else
rc_failed 3
fi
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit
A servlet is activated in Tomcat by placing the files the servlet needs in a subdirectory of $CATALINA_BASE/webapps/.
Here the servlet is called javatest and is accordingly unpacked into the directory webapps/javatest/. This directory holds all HTML and JSP pages that call the servlet. The file web.xml, in which the servlet is configured, is located under webapps/javatest/WEB-INF. The class files of the Java program are located in the directory webapps/javatest/WEB-INF/classes.
The servlet is configured in this file. Naming takes place in two stages: first a Java class is assigned to a servlet name (every servlet is a Java class), then the URL under which the servlet is reached is set.
The "welcome-file-list" directive is responsible for the directory index. A directory listing itself is controlled by the init-param with the param-name "listings".
web.xml
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>Javatest</display-name>
<description>
Javatest
</description>
<servlet>
<servlet-name>cdrom</servlet-name>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>