In
the hotdotcom application, we used the servlet and servlet-mapping elements
to register the NoInvokerServlet with requests to http://host/hotdotcom/
servlet/anything. This servlet, shown in Listing 3.19, simply displays a message to the
user that the invoker servlet has been disabled.
Listing 3.19
WEB-INF/classes/coreservlets/
NoInvokerServlet.java
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Simple servlet used to give error messages to
* users who try to access default servlet URLs
* (i.e., http://host/webAppPrefix/servlet/ServletName)
* in Web applications that have disabled this
* behavior.
*/
public class NoInvokerServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String docType =
""Transitional//EN\">\n";
String title = "Invoker Servlet Disabled.";
out.println
(docType +
"\n" +
"
" + title + "\n" +
"\n" +
"
" + title + "
\n" +
"Sorry, access to servlets by means of\n" +
"URLs that begin with\n" +
"http://host/webAppPrefix/servlet/\n" +
3.2 Example: Form-Based Authentication 141
Unprotected Pages
The fact that some pages in a Web application have access restrictions does not imply
that all pages in the application need such restrictions.
Pages:
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193