Manualshelf

NonStop Servlets for JavaServer Pages (NSJSP) 7.0 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
141142143144145146147148149150
Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) 7.0 System Administrator’s Guide—674372-005
3-66
The server.xml File
Setting this property to true will allow the NSJSP container to deploy the
application using the context.xml file in the application’s META-INF directory.
This means that the application can define its own context. There are certain
parameters in the context definition that could allow a rogue application to gain
access to the NSJSP servlet container's internal resources and also to other
applications running alongside the rogue application. The following properties can
be exploited by a rogue application:
crossContext
If this value is set to true, calls to
javax.servlet.ServletContext.getContext(<context uri>) will return
the ServletContext of the application with the context name <context uri>. This
means that the caller will have access to contexts for other applications
running on the same Host. Although the default value is false, the application
can still set this property to true and gain access to other applications'
contexts.
privileged
If this value is set to true, the application is treated as a privileged
application and will have access to all the internal classes of NSJSP.
Child Element Nested in the Host Element
The request tracker Valve is configured as a child element in the Host element.
Valve Element
A Valve element represents a component that will be inserted into the request
processing pipeline for a container. A Valve element can be configured as a child
element of an Engine, Host or a Context. The following valves are configured in
the default server.xml file:
Request Tracker Valve
The class name of this valve is
com.hp.tandem.nsjsp.valves.RequestTrackerValve. This valve
must be configured for every configured Host element. The valve tracks all the
requests flowing to the applications in that Host. This information is used for
displaying application statistics in the new NSJSP Manager application. There
is no overhead incurred in configuring this valve.