升级Tomcat版本 apache-tomcat-7.0.77
diff --git a/tomcat-cas/conf/web.xml b/tomcat-cas/conf/web.xml
index 4b2cb5a..d4f6524 100644
--- a/tomcat-cas/conf/web.xml
+++ b/tomcat-cas/conf/web.xml
@@ -16,9 +16,10 @@
   limitations under the License.

 -->

 <web-app xmlns="http://java.sun.com/xml/ns/javaee"

-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

-    version="2.5">

+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

+  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee

+                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

+  version="3.0">

 

   <!-- ======================== Introduction ============================== -->

   <!-- This document defines default values for *all* web applications      -->

@@ -41,7 +42,8 @@
   <!-- parameters (default values are in square brackets):                  -->

   <!--                                                                      -->

   <!--   debug               Debugging detail level for messages logged     -->

-  <!--                       by this servlet.  [0]                          -->

+  <!--                       by this servlet. Useful values are 0, 1, and   -->

+  <!--                       11 where higher values mean more detail. [0]   -->

   <!--                                                                      -->

   <!--   fileEncoding        Encoding to be used to read static resources   -->

   <!--                       [platform default]                             -->

@@ -62,7 +64,7 @@
   <!--                       commands like PUT and DELETE are               -->

   <!--                       rejected?  [true]                              -->

   <!--                                                                      -->

-  <!--   readmeFile          File name to display with the directory        -->

+  <!--   readmeFile          File to display together with the directory    -->

   <!--                       contents. [null]                               -->

   <!--                                                                      -->

   <!--   sendfileSize        If the connector used supports sendfile, this  -->

@@ -93,6 +95,10 @@
   <!--                       path that points to a location below either    -->

   <!--                       $CATALINA_BASE/conf (checked first) or         -->

   <!--                       $CATALINA_HOME/conf (checked second).[null]    -->

+  <!--                                                                      -->

+  <!--   showServerInfo      Should server information be presented in the  -->

+  <!--                       response sent to clients when directory        -->

+  <!--                       listings is enabled? [true]                    -->

 

     <servlet>

         <servlet-name>default</servlet-name>
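Review bot: The new `showServerInfo` parameter is documented here with a default of true, but the `default` servlet that follows gets no explicit value, so any context that turns `listings` on will present server information in the listing page. The servlet's init-params lie outside this hunk, so whether `listings` is enabled cannot be confirmed from here. If it is, or if applications may override it, consider adding `<init-param><param-name>showServerInfo</param-name><param-value>false</param-value></init-param>` to the definition. On a Tomcat that fronts CAS this keeps server details out of responses at no functional cost.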

@@ -109,37 +115,6 @@
     </servlet>

 

 

-  <!-- This servlet has been deprecated due to security concerns. Servlets  -->

-  <!-- should be explicitly mapped in web.xml                               -->

-  <!--                                                                      -->

-  <!-- The "invoker" servlet, which executes anonymous servlet classes      -->

-  <!-- that have not been defined in a web.xml file.  Traditionally, this   -->

-  <!-- servlet is mapped to the URL pattern "/servlet/*", but you can map   -->

-  <!-- it to other patterns as well.  The extra path info portion of such a -->

-  <!-- request must be the fully qualified class name of a Java class that  -->

-  <!-- implements Servlet (or extends HttpServlet), or the servlet name     -->

-  <!-- of an existing servlet definition.     This servlet supports the     -->

-  <!-- following initialization parameters (default values are in square    -->

-  <!-- brackets):                                                           -->

-  <!--                                                                      -->

-  <!--   debug               Debugging detail level for messages logged     -->

-  <!--                       by this servlet.  [0]                          -->

-

-<!--

-    <servlet>

-        <servlet-name>invoker</servlet-name>

-        <servlet-class>

-          org.apache.catalina.servlets.InvokerServlet

-        </servlet-class>

-        <init-param>

-            <param-name>debug</param-name>

-            <param-value>0</param-value>

-        </init-param>

-        <load-on-startup>2</load-on-startup>

-    </servlet>

--->

-

-

   <!-- The JSP page compiler and execution servlet, which is the mechanism  -->

   <!-- used by Tomcat to support JSP pages.  Traditionally, this servlet    -->

   <!-- is mapped to the URL pattern "*.jsp".  This servlet supports the     -->

@@ -163,9 +138,9 @@
   <!--                       pages.  See the jasper documentation for more  -->

   <!--                       information.                                   -->

   <!--                                                                      -->

-  <!--   compilerSourceVM    Compiler source VM. [1.5]                      -->

+  <!--   compilerSourceVM    Compiler source VM. [1.6]                      -->

   <!--                                                                      -->

-  <!--   compilerTargetVM    Compiler target VM. [1.5]                      -->  

+  <!--   compilerTargetVM    Compiler target VM. [1.6]                      -->

   <!--                                                                      -->

   <!--   development         Is Jasper used in development mode? If true,   -->

   <!--                       the frequency at which JSPs are checked for    -->

@@ -188,6 +163,8 @@
   <!--   engineOptionsClass  Allows specifying the Options class used to    -->

   <!--                       configure Jasper. If not present, the default  -->

   <!--                       EmbeddedServletOptions will be used.           -->

+  <!--                       This option is ignored when running under a    -->

+  <!--                       SecurityManager.                               -->

   <!--                                                                      -->

   <!--   errorOnUseBeanInvalidClassAttribute                                -->

   <!--                       Should Jasper issue an error when the value of -->

@@ -217,6 +194,18 @@
   <!--                       print statement per input line, to ease        -->

   <!--                       debugging?  [true]                             -->

   <!--                                                                      -->

+  <!--   maxLoadedJsps       The maximum number of JSPs that will be loaded -->

+  <!--                       for a web application. If more than this       -->

+  <!--                       number of JSPs are loaded, the least recently  -->

+  <!--                       used JSPs will be unloaded so that the number  -->

+  <!--                       of JSPs loaded at any one time does not exceed -->

+  <!--                       this limit. A value of zero or less indicates  -->

+  <!--                       no limit. [-1]                                 -->

+  <!--                                                                      -->

+  <!--   jspIdleTimeout      The amount of time in seconds a JSP can be     -->

+  <!--                       idle before it is unloaded. A value of zero    -->

+  <!--                       or less indicates never unload. [-1]           -->

+  <!--                                                                      -->

   <!--   modificationTestInterval                                           -->

   <!--                       Causes a JSP (and its dependent files) to not  -->

   <!--                       be checked for modification during the         -->

@@ -237,6 +226,8 @@
   <!--   scratchdir          What scratch directory should we use when      -->

   <!--                       compiling JSP pages?  [default work directory  -->

   <!--                       for the current web application]               -->

+  <!--                       This option is ignored when running under a    -->

+  <!--                       SecurityManager.                               -->

   <!--                                                                      -->

   <!--   suppressSmap        Should the generation of SMAP info for JSR45   -->

   <!--                       debugging be suppressed?  [false]              -->

@@ -245,11 +236,12 @@
   <!--                       actions or directives be trimmed?  [false]     -->

   <!--                                                                      -->

   <!--   xpoweredBy          Determines whether X-Powered-By response       -->

-  <!--                       header is added by generated servlet  [false]  -->

+  <!--                       header is added by generated servlet.  [false] -->

   <!--                                                                      -->

-  <!-- If you wish to use Jikes to compile JSP pages:                       -->

-  <!--   Please see the "Using Jikes" section of the Jasper-HowTo           -->

-  <!--   page in the Tomcat documentation.                                  -->

+  <!--   quoteAttributeEL    When EL is used in an attribute value on a     -->

+  <!--                       JSP page should the rules for quoting of       -->

+  <!--                       attributes described in JSP.1.6 be applied to  -->

+  <!--                       the expression? [true]                         -->

 

     <servlet>

         <servlet-name>jsp</servlet-name>

@@ -335,14 +327,21 @@
   <!--                                                                      -->

   <!--   cgiPathPrefix        The CGI search path will start at             -->

   <!--                        webAppRootDir + File.separator + this prefix. -->

-  <!--                        [WEB-INF/cgi]                                 -->

-  <!--                                                                      -->

-  <!--   debug                Debugging detail level for messages logged    -->

-  <!--                        by this servlet.  [0]                         -->

+  <!--                        If not set, then webAppRootDir is used.       -->

+  <!--                        Recommended value: WEB-INF/cgi                -->

   <!--                                                                      -->

   <!--   executable           Name of the executable used to run the        -->

   <!--                        script. [perl]                                -->

   <!--                                                                      -->

+  <!--   envHttpHeaders       A regular expression used to select the HTTP  -->

+  <!--                        headers passed to the CGI process as          -->

+  <!--                        environment variables. Note that headers are  -->

+  <!--                        converted to upper case before matching and   -->

+  <!--                        that the entire header name must match the    -->

+  <!--                        pattern.                                      -->

+  <!--                        [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST|  -->

+  <!--                         IF-[-0-9A-Z]*|REFERER|USER-AGENT]            -->

+  <!--                                                                      -->

   <!--   parameterEncoding    Name of parameter encoding to be used with    -->

   <!--                        CGI servlet.                                  -->

   <!--                        [System.getProperty("file.encoding","UTF-8")] -->

@@ -359,14 +358,10 @@
         <servlet-name>cgi</servlet-name>

         <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>

         <init-param>

-          <param-name>debug</param-name>

-          <param-value>0</param-value>

-        </init-param>

-        <init-param>

           <param-name>cgiPathPrefix</param-name>

           <param-value>WEB-INF/cgi</param-value>

         </init-param>

-         <load-on-startup>5</load-on-startup>

+        <load-on-startup>5</load-on-startup>

     </servlet>

 -->

 

@@ -385,22 +380,10 @@
         <url-pattern>/</url-pattern>

     </servlet-mapping>

 

-    <!-- The mapping for the deprecated invoker servlet -->

-<!--

-    <servlet-mapping>

-        <servlet-name>invoker</servlet-name>

-        <url-pattern>/servlet/*</url-pattern>

-    </servlet-mapping>

--->

-

-    <!-- The mapping for the JSP servlet -->

+    <!-- The mappings for the JSP servlet -->

     <servlet-mapping>

         <servlet-name>jsp</servlet-name>

         <url-pattern>*.jsp</url-pattern>

-    </servlet-mapping>

-

-    <servlet-mapping>

-        <servlet-name>jsp</servlet-name>

         <url-pattern>*.jspx</url-pattern>

     </servlet-mapping>

 

@@ -424,6 +407,45 @@
 

   <!-- ================== Built In Filter Definitions ===================== -->

 

+  <!-- A filter that sets various security related HTTP Response headers.   -->

+  <!-- This filter supports the following initialization parameters         -->

+  <!-- (default values are in square brackets):                             -->

+  <!--                                                                      -->

+  <!--   hstsEnabled         Should the HTTP Strict Transport Security      -->

+  <!--                       (HSTS) header be added to the response? See    -->

+  <!--                       RFC 6797 for more information on HSTS. [true]  -->

+  <!--                                                                      -->

+  <!--   hstsMaxAgeSeconds   The max age value that should be used in the   -->

+  <!--                       HSTS header. Negative values will be treated   -->

+  <!--                       as zero. [0]                                   -->

+  <!--                                                                      -->

+  <!--   hstsIncludeSubDomains                                              -->

+  <!--                       Should the includeSubDomains parameter be      -->

+  <!--                       included in the HSTS header.                   -->

+  <!--                                                                      -->

+  <!--   antiClickJackingEnabled                                            -->

+  <!--                       Should the anti click-jacking header           -->

+  <!--                       X-Frame-Options be added to every response?    -->

+  <!--                       [true]                                         -->

+  <!--                                                                      -->

+  <!--   antiClickJackingOption                                             -->

+  <!--                       What value should be used for the header. Must -->

+  <!--                       be one of DENY, SAMEORIGIN, ALLOW-FROM         -->

+  <!--                       (case-insensitive). [DENY]                     -->

+  <!--                                                                      -->

+  <!--   antiClickJackingUri IF ALLOW-FROM is used, what URI should be      -->

+  <!--                       allowed? []                                    -->

+  <!--                                                                      -->

+  <!--   blockContentTypeSniffingEnabled                                    -->

+  <!--                       Should the header that blocks content type     -->

+  <!--                       sniffing be added to every response? [true]    -->

+<!--

+    <filter>

+        <filter-name>httpHeaderSecurity</filter-name>

+        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

+        <async-supported>true</async-supported>

+    </filter>

+-->

 

   <!-- A filter that sets character encoding that is used to decode -->

   <!-- parameters in a POST request -->
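Review bot: The `httpHeaderSecurity` filter is introduced only inside a comment, and its `<filter-mapping>` in the later hunk at `@@ -512,6 +535,15 @@` is commented out too, so this file still adds no X-Frame-Options, content-type-sniffing or HSTS header to responses after the upgrade. For a CAS login deployment the anti click-jacking header in particular is worth enabling, unless a fronting proxy or the application already sets it. Uncomment the definition and the mapping together, because the mapping refers to the filter by name. When enabling it, set the max age explicitly, for example `<init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value></init-param>` (an illustrative value): the documented default is `[0]`, and a max-age of 0 tells browsers to discard any stored HSTS policy rather than enforce one. `hstsIncludeSubDomains` is also the only parameter in this comment block without a bracketed default, and adding `[false]` would make the list consistent.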

@@ -435,10 +457,10 @@
             <param-name>encoding</param-name>

             <param-value>UTF-8</param-value>

         </init-param>

+        <async-supported>true</async-supported>

     </filter>

 -->

 

-

   <!-- A filter that triggers request parameters parsing and rejects the    -->

   <!-- request if some parameters were skipped because of parsing errors or -->

   <!-- request size limitations.                                            -->

@@ -448,6 +470,7 @@
         <filter-class>

           org.apache.catalina.filters.FailedRequestFilter

         </filter-class>

+        <async-supported>true</async-supported>

     </filter>

 -->

 

@@ -512,6 +535,15 @@
 

   <!-- ==================== Built In Filter Mappings ====================== -->

 

+  <!-- The mapping for the HTTP header security Filter -->

+<!--

+    <filter-mapping>

+        <filter-name>httpHeaderSecurity</filter-name>

+        <url-pattern>/*</url-pattern>

+        <dispatcher>REQUEST</dispatcher>

+    </filter-mapping>

+-->

+

   <!-- The mapping for the Set Character Encoding Filter -->

 <!--

     <filter-mapping>

@@ -4622,15 +4654,17 @@
 

   <!-- ==================== Default Welcome File List ===================== -->

   <!-- When a request URI refers to a directory, the default servlet looks  -->

-  <!-- for a "welcome file" within that directory and, if present,          -->

-  <!-- to the corresponding resource URI for display.  If no welcome file   -->

-  <!-- is present, the default servlet either serves a directory listing,   -->

-  <!-- or returns a 404 status, depending on how it is configured.          -->

+  <!-- for a "welcome file" within that directory and, if present, to the   -->

+  <!-- corresponding resource URI for display.                              -->

+  <!-- If no welcome files are present, the default servlet either serves a -->

+  <!-- directory listing (see default servlet configuration on how to       -->

+  <!-- customize) or returns a 404 status, depending on the value of the    -->

+  <!-- listings setting.                                                    -->

   <!--                                                                      -->

   <!-- If you define welcome files in your own application's web.xml        -->

   <!-- deployment descriptor, that list *replaces* the list configured      -->

-  <!-- here, so be sure that you include any of the default values that     -->

-  <!-- you wish to include.                                                 -->

+  <!-- here, so be sure to include any of the default values that you wish  -->

+  <!-- to use within your application.                                       -->

 

     <welcome-file-list>

         <welcome-file>index.html</welcome-file>