« Groovy, DSLs and Rules engines
Just what is software architecture? »

Following symbolic links in Tomcat

We have several web applications derived from the same code base and as well as sharing the jars in WEB-INF/lib, we provide set of administration pages to allow users to configure and administer the applications. Until now, we’ve always had to make copies of the admin pages and this has caused us configuration headaches as we try and make sure that all the applications have the latest versions of all the pages.

But now I’ve finally managed to work out how to make Tomcat follow symbolic links—and it’s very easy! All you have to do is add allowLinking="true" to the Context tag in the context.xml file. For Tomcat 5.5 and later, I find the most convenient way is to have a META-INF directory in the web application directory and have a context.xml file in this. Like this all the files to do with the web application are in the same place and copying and deploying is easy. So, my context.xml looks like:

<?xml version="1.0" encoding="UTF-8"?>

<Context path="/myapp" allowLinking="true">

</Context>

As soon as you restart Tomcat, the change comes into effect and you can share directories between applications or even link to directories outside the web application home directory. If you still using Tomcat 4.x then you can’t use the context.xml in the META-INF directory. Instead you have to put it in the server.xml itself.

Tags: ,

This entry was posted on Thursday, January 24th, 2008 at 1:31 pm by DenisH and is filed under Blog Entries, Java, Web development. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Following symbolic links in Tomcat”

  1. DenisH Says:
    March 31st, 2008 at 9:05 am

    It turns out that there are a few caveats to using “allowLinking”. First the documentation for the context element for Tomcat 5.5 says: NOTE: This flag MUST NOT be set to true on the Windows platform (or any other OS which does not have a case sensitive filesystem), as it will disable case sensitivity checks, allowing JSP source code disclosure, among other security problems.

    And second, in the migration documentation from 5.5 to Tomcat 6, it says “When using a shared webhosting environment, it is recommended that usage of context.xml inside a WAR is forbidden (using the deployXML attribute of the Host element)”. Presumably this is because it would allow badly behaved configurations to be loaded?

    So, just be aware of these pieces of advice if you are going to use the context.xml and allowLinking.

Leave a Reply