403 Forbidden error

Discussion in 'Java JSP/Servlet' started by nicksnels, Jul 9, 2007.

  1. nicksnels

    nicksnels New Member

    Hi,

    I'm trying to create a virtual host to access files in my Tomcat webapps folder in Litespeed 3.1.1. So far I have made a script handler for jsp files (although there are no jsp files involved) and I have made the following context:

    Java Web App
    URI: /
    Location: $VH_ROOT/
    Servlet Engine: [Server Level]: Tomcat AJP, which is essentially a servlet engine on address localhost:8009

    Everything works fine when I access it directly on Tomcat. When I go to the virtual host I can access images, directories with sound files, html and js files. The only thing I can't access is a folder defined in the web.xml file in the WEB-INF folder. When I try to access it I get a 403 Forbidden error. I can however access it directly on Tomcat. I have already tried many different configurations and none of them are working. I don't really know how to pinpoint the error, is it Tomcat, AJP, Litespeed config or the servlet. Hope you can help me out. Thanks.

    Kind regards,

    Nick
  2. mistwang

    mistwang LiteSpeed Staff

    Access to WEB-INF directory is blocked internally by LSWS for security reason. I think it is less desirable to expose the configuration file and other servlet class objects.

    For anything need to be accessed directly via HTTP should be stored out side of that directory. I strongly suggest that, even when you are not using LiteSpeed. ;)
  3. nicksnels

    nicksnels New Member

    Thanks for the reply. It is an application that is not written by me, so it would be hard(er) to change it. I will provide some more details, so a solution is possible.

    In the WEB-INF folder there is a file called web.xml with the following content:

    <?xml version="1.0" encoding="ISO-8859-1"?>

    <!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

    <web-app>

    <!-- General description of your web application -->

    <display-name>An HTTP Binding Gateway to Jabber</display-name>
    <description>
    An implementation of JEP-0124 (HTTP-Binding). See
    http://www.jabber.org/jeps/jep-0124.html for details.
    </description>

    <context-param>
    <param-name>author</param-name>
    <param-value>xxx</param-value>
    <description>
    The EMAIL address of the author to whom questions
    and comments about this application should be addressed.
    </description>
    </context-param>

    <servlet>
    <servlet-name>Jabber HTTP Binding Servlet</servlet-name>
    <servlet-class>org.jabber.JabberHTTPBind.JHBServlet</servlet-class>
    </servlet>

    <servlet-mapping>
    <servlet-name>Jabber HTTP Binding Servlet</servlet-name>
    <url-pattern>/JHB/</url-pattern>
    </servlet-mapping>

    <session-config>
    <session-timeout>30</session-timeout> <!-- 30 minutes -->
    </session-config>

    </web-app>

    This makes sure that when Tomcat is started, I can access a bunch of class files that are in WEB-INF/classes as http://localhost:8080/chat/JHB/ . Is it possible to access these files by using a proxy, ... or can I circumvent the security in LSWS or can I put these files elsewhere? Any help is very welcome. Thanks.

    Kind regards,

    Nick
  4. mistwang

    mistwang LiteSpeed Staff

    I think you should use URI: /chat/ when you create the Java Web App context.
    You can have LiteSpeed proxy to backend tomcat as well.
  5. princecox13

    princecox13 New Member

    Depending on configuration, I could not tell you which though, I am getting 403 and 400 alternatingly. Tried with different encodings, without the Bom etc, going via fiel. I did get it to work once, reading the example from the link above from and sending that. But it does not anyone.
  6. ravendawson

    ravendawson New Member

    same issue with princecox...have you found the answer now?
  7. mistwang

    mistwang LiteSpeed Staff

    just use plain proxy to talk to backend servlet engine.

Share This Page