web.xml url-pattern 관련 스펙

Mapping Requests to Servlets 

The mapping techniques described in this chapter are required for Web containers mapping client requests to servlets.

12.1 Use of URL Paths 

Upon receipt of a client request, the Web container determines the Web application to which to forward it. The Web application selected must have the longest context path that matches the start of the request URL. The matched part of the URL is the context path when mapping to servlets. 

The Web container next must locate the servlet to process the request using the path mapping procedure described below. 

The path used for mapping to a servlet is the request URL from the request object minus the context path and the path parameters. The URL path mapping rules below are used in order. 

The first successful match is used with no further matches attempted: 

1. The container will try to find an exact match of the path of the request to the path of the servlet. A successful match selects the servlet. 

2. The container will recursively try to match the longest path-prefix. This is done by stepping down the path tree a directory at a time, using the ’/’ character as a path separator. The longest match determines the servlet selected. 

3. If the last segment in the URL path contains an extension (e.g. .jsp), the servlet container will try to match a servlet that handles requests for the extension. An extension is defined as the part of the last segment after the last ’.’ character.

4. If neither of the previous three rules result in a servlet match, the container will attempt to serve content appropriate for the resource requested. If a "default" servlet is defined for the application, it will be used. Many containers provide an implicit default servlet for serving content. The container must use case-sensitive string comparisons for matching.

12.2 Specification of Mappings 

In the Web application deployment descriptor, the following syntax is used to define mappings: 

• A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping. 
• A string beginning with a ‘*.’ prefix is used as an extension mapping. 
• The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e., requests of the form http://host:port//. In this case the path info is ’/’ and the servlet path and context path is empty string (““). 
• A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null. 
• All other strings are used for exact matches only.

12.3 Implicit Mappings 

If the container has an internal JSP container, the *.jsp extension is mapped to it, allowing JSP pages to be executed on demand. This mapping is termed an implicit mapping. If a *.jsp mapping is defined by the Web application, its mapping takes precedence over the implicit mapping. A servlet container is allowed to make other implicit mappings as long as explicit mappings take precedence. For example, an implicit mapping of *.shtml could be mapped to include functionality on the server.

Example Mapping Set Consider the following set of mappings:

url-pattern 관련 사항이 궁금해서 내가 지금 사용하고 있는 tomcat 7의 servlet 3.0의 스펙 중 일부를 발췌하였다. 

가장 중요한 부분은 url-pattern은 '/'으로 시작하거나. '*.'을 접두어로 사용해 확장자를 지정할 수 있다. 그리고 접미어는 '/*'로 지정해야한다. 뭐 이정도...

가령  /pattern* 과 같은 설정은 스펙에 어긋나니 정상적으로 동작되지 않을듯 싶다. 

실제로 tomcat 구동시 아래와 같은 오류가 툭! 튀어나온다. 식겁하게... 

8월 25, 2016 12:54:17 오전 org.apache.catalina.core.StandardContext checkUnusualURLPattern

정보: Suspicious url pattern: "/pattern*" in context [/pattern] - see sections 12.1 and 12.2 of the Servlet specification

/**
     * Validate the syntax of a proposed <code><url-pattern></code>
     * for conformance with specification requirements.
     *
     * @param urlPattern URL pattern to be validated
     */
    private boolean validateURLPattern(String urlPattern) {

        if (urlPattern == null)
            return (false);
        if (urlPattern.indexOf('\n') >= 0 || urlPattern.indexOf('\r') >= 0) {
            return (false);
        }
        if (urlPattern.equals("")) {
            return true;
        }
        if (urlPattern.startsWith("*.")) {
            if (urlPattern.indexOf('/') < 0) {
                checkUnusualURLPattern(urlPattern);
                return (true);
            } else
                return (false);
        }
        if ( (urlPattern.startsWith("/")) &&
                (urlPattern.indexOf("*.") < 0)) {
            checkUnusualURLPattern(urlPattern);
            return (true);
        } else
            return (false);

    }


    /**
     * Check for unusual but valid <code><url-pattern></code>s.
     * See Bugzilla 34805, 43079 & 43080
     */
    private void checkUnusualURLPattern(String urlPattern) {
        if (log.isInfoEnabled()) {
            // First group checks for '*' or '/foo*' style patterns
            // Second group checks for *.foo.bar style patterns
            if((urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
                        urlPattern.charAt(urlPattern.length()-2) != '/')) ||
                    urlPattern.startsWith("*.") && urlPattern.length() > 2 &&
                        urlPattern.lastIndexOf('.') > 1) {
                log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
                        " in context [" + getName() + "] - see" +
                        " sections 12.1 and 12.2 of the Servlet specification");
            }
        }
    }