org.apache.catalina.servlets
public final class: CGIServlet [javadoc |
source]
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
org.apache.catalina.servlets.CGIServlet
All Implemented Interfaces:
Serializable, Servlet, ServletConfig
CGI-invoking servlet for web applications, used to execute scripts which
comply to the Common Gateway Interface (CGI) specification and are named
in the path-info used to invoke this servlet.
Note: This code compiles and even works for simple CGI cases.
Exhaustive testing has not been done. Please consider it beta
quality. Feedback is appreciated to the author (see below).
Example:
If an instance of this servlet was mapped (using
<web-app>/WEB-INF/web.xml) to:
<web-app>/cgi-bin/*
then the following request:
http://localhost:8080/<web-app>/cgi-bin/dir1/script/pathinfo1
would result in the execution of the script
<web-app-root>/WEB-INF/cgi/dir1/script
with the script's PATH_INFO set to /pathinfo1.
Recommendation: House all your CGI scripts under
<webapp>/WEB-INF/cgi. This will ensure that you do not
accidentally expose your cgi scripts' code to the outside world and that
your cgis will be cleanly ensconced underneath the WEB-INF (i.e.,
non-content) area.
The default CGI location is mentioned above. You have the flexibility to
put CGIs wherever you want, however:
The CGI search path will start at
webAppRootDir + File.separator + cgiPathPrefix
(or webAppRootDir alone if cgiPathPrefix is
null).
cgiPathPrefix is defined by setting
this servlet's cgiPathPrefix init parameter
CGI Specification:
derived from
http://cgi-spec.golux.com.
A work-in-progress & expired Internet Draft. Note no actual RFC describing
the CGI specification exists. Where the behavior of this servlet differs
from the specification cited above, it is either documented here, a bug,
or an instance where the specification cited differs from Best
Community Practice (BCP).
Such instances should be well-documented here. Please email the
Tomcat group [dev@tomcat.apache.org]
with amendments.
Canonical metavariables:
The CGI specification defines the following canonical metavariables:
[excerpt from CGI specification]
AUTH_TYPE
CONTENT_LENGTH
CONTENT_TYPE
GATEWAY_INTERFACE
PATH_INFO
PATH_TRANSLATED
QUERY_STRING
REMOTE_ADDR
REMOTE_HOST
REMOTE_IDENT
REMOTE_USER
REQUEST_METHOD
SCRIPT_NAME
SERVER_NAME
SERVER_PORT
SERVER_PROTOCOL
SERVER_SOFTWARE
Metavariables with names beginning with the protocol name (e.g.,
"HTTP_ACCEPT") are also canonical in their description of request header
fields. The number and meaning of these fields may change independently
of this specification. (See also section 6.1.5 [of the CGI specification].)
[end excerpt]
Implementation notes
standard input handling: If your script accepts standard input,
then the client must start sending input within a certain timeout period,
otherwise the servlet will assume no input is coming and carry on running
the script. The script's the standard input will be closed and handling of
any further input from the client is undefined. Most likely it will be
ignored. If this behavior becomes undesirable, then this servlet needs
to be enhanced to handle threading of the spawned process' stdin, stdout,
and stderr (which should not be too hard).
If you find your cgi scripts are timing out receiving input, you can set
the init parameter
Metavariable Values: According to the CGI specificion,
implementations may choose to represent both null or missing values in an
implementation-specific manner, but must define that manner. This
implementation chooses to always define all required metavariables, but
set the value to "" for all metavariables whose value is either null or
undefined. PATH_TRANSLATED is the sole exception to this rule, as per the
CGI Specification.
NPH -- Non-parsed-header implementation: This implementation does
not support the CGI NPH concept, whereby server ensures that the data
supplied to the script are preceisely as supplied by the client and
unaltered by the server.
The function of a servlet container (including Tomcat) is specifically
designed to parse and possible alter CGI-specific variables, and as
such makes NPH functionality difficult to support.
The CGI specification states that compliant servers MAY support NPH output.
It does not state servers MUST support NPH output to be unconditionally
compliant. Thus, this implementation maintains unconditional compliance
with the specification though NPH support is not present.
The CGI specification is located at
http://cgi-spec.golux.com.
TODO:
- Support for setting headers (for example, Location headers don't work)
- Support for collapsing multiple header lines (per RFC 2616)
- Ensure handling of POST method does not interfere with 2.3 Filters
- Refactor some debug code out of core
- Ensure header handling preserves encoding
- Possibly rewrite CGIRunner.run()?
- Possibly refactor CGIRunner and CGIEnvironment as non-inner classes?
- Document handling of cgi stdin when there is no stdin
- Revisit IOException handling in CGIRunner.run()
- Better documentation
- Confirm use of ServletInputStream.available() in CGIRunner.run() is
not needed
- Make checking for "." and ".." in servlet & cgi PATH_INFO less
draconian
- [add more to this TODO list]
- author:
Martin - T Dengler [root@martindengler.com]
- author:
Amy - Roh
- version:
$ - Revision: 896371 $, $Date: 2010-01-06 11:30:07 +0100 (Wed, 06 Jan 2010) $
- since:
Tomcat - 4.0
| Nested Class Summary: |
|---|
| protected class | CGIServlet.CGIEnvironment | Encapsulates the CGI environment and rules to derive
that environment from the servlet container and request information.
|
| protected class | CGIServlet.CGIRunner | Encapsulates the knowledge of how to run a CGI script, given the
script's desired environment and (optionally) input/output streams
Exposes a run method used to actually invoke the
CGI.
The CGI environment and settings are derived from the information
passed to the constuctor.
The input and output streams can be set by the setInput
and setResponse methods, respectively.
|
| protected class | CGIServlet.HTTPHeaderInputStream | This is an input stream specifically for reading HTTP headers. It reads
upto and including the two blank lines terminating the headers. It
allows the content to be read using bytes or characters as appropriate. |
| Field Summary |
|---|
| static Object | expandFileLock | object used to ensure multiple threads don't try to expand same file |
| static Hashtable<String, String> | shellEnv | the shell environment variables to be passed to the CGI script |
| Methods from javax.servlet.http.HttpServlet: |
|---|
|
class$, doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service |
| Methods from javax.servlet.GenericServlet: |
|---|
|
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log, service |
| Methods from java.lang.Object: |
|---|
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method from org.apache.catalina.servlets.CGIServlet Detail: |
|---|
 protected void doGet(HttpServletRequest req,
HttpServletResponse res) throws ServletException, IOException {
// Verify that we were not accessed using the invoker servlet
if (req.getAttribute(Globals.INVOKED_ATTR) != null)
throw new UnavailableException
("Cannot invoke CGIServlet through the invoker");
CGIEnvironment cgiEnv = new CGIEnvironment(req, getServletContext());
if (cgiEnv.isValid()) {
CGIRunner cgi = new CGIRunner(cgiEnv.getCommand(),
cgiEnv.getEnvironment(),
cgiEnv.getWorkingDirectory(),
cgiEnv.getParameters());
//if POST, we need to cgi.setInput
//REMIND: how does this interact with Servlet API 2.3's Filters?!
if ("POST".equals(req.getMethod())) {
cgi.setInput(req.getInputStream());
}
cgi.setResponse(res);
cgi.run();
}
if (!cgiEnv.isValid()) {
res.setStatus(404);
}
if (debug >= 10) {
ServletOutputStream out = res.getOutputStream();
out.println("< HTML >< HEAD >< TITLE >$Name$< /TITLE >< /HEAD >");
out.println("< BODY >$Header$< p >");
if (cgiEnv.isValid()) {
out.println(cgiEnv.toString());
} else {
out.println("< H3 >");
out.println("CGI script not found or not specified.");
out.println("< /H3 >");
out.println("< H4 >");
out.println("Check the < b >HttpServletRequest ");
out.println("< a href=\"#pathInfo\" >pathInfo< /a >< /b > ");
out.println("property to see if it is what you meant ");
out.println("it to be. You must specify an existant ");
out.println("and executable file as part of the ");
out.println("path-info.");
out.println("< /H4 >");
out.println("< H4 >");
out.println("For a good discussion of how CGI scripts ");
out.println("work and what their environment variables ");
out.println("mean, please visit the < a ");
out.println("href=\"http://cgi-spec.golux.com\" >CGI ");
out.println("Specification page< /a >.");
out.println("< /H4 >");
}
printServletEnvironment(out, req, res);
out.println("< /BODY >< /HTML >");
}
}
Provides CGI Gateway service |
protected void doPost(HttpServletRequest req,
HttpServletResponse res) throws IOException, ServletException {
doGet(req, res);
} Provides CGI Gateway service -- delegates to doGet |
public void init(ServletConfig config) throws ServletException {
super.init(config);
// Verify that we were not accessed using the invoker servlet
String servletName = getServletConfig().getServletName();
if (servletName == null)
servletName = "";
if (servletName.startsWith("org.apache.catalina.INVOKER."))
throw new UnavailableException
("Cannot invoke CGIServlet through the invoker");
// Set our properties from the initialization parameters
if (getServletConfig().getInitParameter("debug") != null)
debug = Integer.parseInt(getServletConfig().getInitParameter("debug"));
cgiPathPrefix = getServletConfig().getInitParameter("cgiPathPrefix");
boolean passShellEnvironment =
Boolean.valueOf(getServletConfig().getInitParameter("passShellEnvironment")).booleanValue();
if (passShellEnvironment) {
shellEnv.putAll(System.getenv());
}
if (getServletConfig().getInitParameter("executable") != null) {
cgiExecutable = getServletConfig().getInitParameter("executable");
}
if (getServletConfig().getInitParameter("parameterEncoding") != null) {
parameterEncoding = getServletConfig().getInitParameter("parameterEncoding");
}
if (getServletConfig().getInitParameter("stderrTimeout") != null) {
stderrTimeout = Long.parseLong(getServletConfig().getInitParameter(
"stderrTimeout"));
}
} |
public static void main(String[] args) {
System.out.println("$Header$");
} For future testing use only; does nothing right now |
protected void printServletEnvironment(ServletOutputStream out,
HttpServletRequest req,
HttpServletResponse res) throws IOException {
// Document the properties from ServletRequest
out.println("< h1 >ServletRequest Properties< /h1 >");
out.println("< ul >");
Enumeration attrs = req.getAttributeNames();
while (attrs.hasMoreElements()) {
String attr = (String) attrs.nextElement();
out.println("< li >< b >attribute< /b > " + attr + " = " +
req.getAttribute(attr));
}
out.println("< li >< b >characterEncoding< /b > = " +
req.getCharacterEncoding());
out.println("< li >< b >contentLength< /b > = " +
req.getContentLength());
out.println("< li >< b >contentType< /b > = " +
req.getContentType());
Enumeration locales = req.getLocales();
while (locales.hasMoreElements()) {
Locale locale = (Locale) locales.nextElement();
out.println("< li >< b >locale< /b > = " + locale);
}
Enumeration params = req.getParameterNames();
while (params.hasMoreElements()) {
String param = (String) params.nextElement();
String values[] = req.getParameterValues(param);
for (int i = 0; i < values.length; i++)
out.println("< li >< b >parameter< /b > " + param + " = " +
values[i]);
}
out.println("< li >< b >protocol< /b > = " + req.getProtocol());
out.println("< li >< b >remoteAddr< /b > = " + req.getRemoteAddr());
out.println("< li >< b >remoteHost< /b > = " + req.getRemoteHost());
out.println("< li >< b >scheme< /b > = " + req.getScheme());
out.println("< li >< b >secure< /b > = " + req.isSecure());
out.println("< li >< b >serverName< /b > = " + req.getServerName());
out.println("< li >< b >serverPort< /b > = " + req.getServerPort());
out.println("< /ul >");
out.println("< hr >");
// Document the properties from HttpServletRequest
out.println("< h1 >HttpServletRequest Properties< /h1 >");
out.println("< ul >");
out.println("< li >< b >authType< /b > = " + req.getAuthType());
out.println("< li >< b >contextPath< /b > = " +
req.getContextPath());
Cookie cookies[] = req.getCookies();
if (cookies!=null) {
for (int i = 0; i < cookies.length; i++)
out.println("< li >< b >cookie< /b > " + cookies[i].getName() +" = " +cookies[i].getValue());
}
Enumeration headers = req.getHeaderNames();
while (headers.hasMoreElements()) {
String header = (String) headers.nextElement();
out.println("< li >< b >header< /b > " + header + " = " +
req.getHeader(header));
}
out.println("< li >< b >method< /b > = " + req.getMethod());
out.println("< li >< a name=\"pathInfo\" >< b >pathInfo< /b >< /a > = "
+ req.getPathInfo());
out.println("< li >< b >pathTranslated< /b > = " +
req.getPathTranslated());
out.println("< li >< b >queryString< /b > = " +
req.getQueryString());
out.println("< li >< b >remoteUser< /b > = " +
req.getRemoteUser());
out.println("< li >< b >requestedSessionId< /b > = " +
req.getRequestedSessionId());
out.println("< li >< b >requestedSessionIdFromCookie< /b > = " +
req.isRequestedSessionIdFromCookie());
out.println("< li >< b >requestedSessionIdFromURL< /b > = " +
req.isRequestedSessionIdFromURL());
out.println("< li >< b >requestedSessionIdValid< /b > = " +
req.isRequestedSessionIdValid());
out.println("< li >< b >requestURI< /b > = " +
req.getRequestURI());
out.println("< li >< b >servletPath< /b > = " +
req.getServletPath());
out.println("< li >< b >userPrincipal< /b > = " +
req.getUserPrincipal());
out.println("< /ul >");
out.println("< hr >");
// Document the servlet request attributes
out.println("< h1 >ServletRequest Attributes< /h1 >");
out.println("< ul >");
attrs = req.getAttributeNames();
while (attrs.hasMoreElements()) {
String attr = (String) attrs.nextElement();
out.println("< li >< b >" + attr + "< /b > = " +
req.getAttribute(attr));
}
out.println("< /ul >");
out.println("< hr >");
// Process the current session (if there is one)
HttpSession session = req.getSession(false);
if (session != null) {
// Document the session properties
out.println("< h1 >HttpSession Properties< /h1 >");
out.println("< ul >");
out.println("< li >< b >id< /b > = " +
session.getId());
out.println("< li >< b >creationTime< /b > = " +
new Date(session.getCreationTime()));
out.println("< li >< b >lastAccessedTime< /b > = " +
new Date(session.getLastAccessedTime()));
out.println("< li >< b >maxInactiveInterval< /b > = " +
session.getMaxInactiveInterval());
out.println("< /ul >");
out.println("< hr >");
// Document the session attributes
out.println("< h1 >HttpSession Attributes< /h1 >");
out.println("< ul >");
attrs = session.getAttributeNames();
while (attrs.hasMoreElements()) {
String attr = (String) attrs.nextElement();
out.println("< li >< b >" + attr + "< /b > = " +
session.getAttribute(attr));
}
out.println("< /ul >");
out.println("< hr >");
}
// Document the servlet configuration properties
out.println("< h1 >ServletConfig Properties< /h1 >");
out.println("< ul >");
out.println("< li >< b >servletName< /b > = " +
getServletConfig().getServletName());
out.println("< /ul >");
out.println("< hr >");
// Document the servlet configuration initialization parameters
out.println("< h1 >ServletConfig Initialization Parameters< /h1 >");
out.println("< ul >");
params = getServletConfig().getInitParameterNames();
while (params.hasMoreElements()) {
String param = (String) params.nextElement();
String value = getServletConfig().getInitParameter(param);
out.println("< li >< b >" + param + "< /b > = " + value);
}
out.println("< /ul >");
out.println("< hr >");
// Document the servlet context properties
out.println("< h1 >ServletContext Properties< /h1 >");
out.println("< ul >");
out.println("< li >< b >majorVersion< /b > = " +
getServletContext().getMajorVersion());
out.println("< li >< b >minorVersion< /b > = " +
getServletContext().getMinorVersion());
out.println("< li >< b >realPath('/')< /b > = " +
getServletContext().getRealPath("/"));
out.println("< li >< b >serverInfo< /b > = " +
getServletContext().getServerInfo());
out.println("< /ul >");
out.println("< hr >");
// Document the servlet context initialization parameters
out.println("< h1 >ServletContext Initialization Parameters< /h1 >");
out.println("< ul >");
params = getServletContext().getInitParameterNames();
while (params.hasMoreElements()) {
String param = (String) params.nextElement();
String value = getServletContext().getInitParameter(param);
out.println("< li >< b >" + param + "< /b > = " + value);
}
out.println("< /ul >");
out.println("< hr >");
// Document the servlet context attributes
out.println("< h1 >ServletContext Attributes< /h1 >");
out.println("< ul >");
attrs = getServletContext().getAttributeNames();
while (attrs.hasMoreElements()) {
String attr = (String) attrs.nextElement();
out.println("< li >< b >" + attr + "< /b > = " +
getServletContext().getAttribute(attr));
}
out.println("< /ul >");
out.println("< hr >");
} |
Save This Page