jsp
...
5.1 Creating Basic Filters 209
Disable the Invoker Servlet
When you apply filters to resources, you do so by specifying the URL pattern or servlet
name to which the filters apply. If you supply a servlet name, that name must
match a name given in the servlet element of web.xml. If you use a URL pattern
that applies to a servlet, the pattern must match a pattern that you specified with the
servlet-mapping web.xml element??”see Section 2.4 (Assigning Names and Custom
URLs). However, most servers use an ???invoker servlet??? that provides a default
URL for servlets: http://host/webAppPrefix/servlet/ServletName. You need to make
sure that users don??™t access servlets with this URL, thus bypassing the filter settings.
Section 2.5 (Disabling the Invoker Servlet) discusses server-specific approaches to
turning off the invoker. The most portable approach, however, is to simply remap the
/servlet/* pattern in your Web application so that all requests that include the
pattern are sent to the same servlet. To remap the pattern, you first create a simple servlet
that prints an error message. Then, you use the servlet and servlet-mapping
elements (Section 2.3) to send requests that include the /servlet/* pattern to that
servlet. Listing 5.1 gives a brief example.
Listing 5.1 web.xml (Excerpt that blocks default servlet URLs)
Pages:
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259