File Doc Category Size Date Package
CGIServlet.java API Doc Apache Tomcat 6.0.14 73858 Fri Jul 20 04:20:30 BST 2007 org.apache.catalina.servlets

CGIServlet

java.lang.Object
- javax.servlet.GenericServlet
  - javax.servlet.http.HttpServlet

public final class CGIServlet extends HttpServlet

CGI-invoking servlet for web applications, used to execute scripts which comply to the Common Gateway Interface (CGI) specification and are named in the path-info used to invoke this servlet.

Note: This code compiles and even works for simple CGI cases. Exhaustive testing has not been done. Please consider it beta quality. Feedback is appreciated to the author (see below).

Example:
If an instance of this servlet was mapped (using <web-app>/WEB-INF/web.xml) to:

<web-app>/cgi-bin/*

then the following request:

http://localhost:8080/<web-app>/cgi-bin/dir1/script/pathinfo1

would result in the execution of the script

<web-app-root>/WEB-INF/cgi/dir1/script

with the script's PATH_INFO set to /pathinfo1.

Recommendation: House all your CGI scripts under <webapp>/WEB-INF/cgi. This will ensure that you do not accidentally expose your cgi scripts' code to the outside world and that your cgis will be cleanly ensconced underneath the WEB-INF (i.e., non-content) area.

The default CGI location is mentioned above. You have the flexibility to put CGIs wherever you want, however:

The CGI search path will start at webAppRootDir + File.separator + cgiPathPrefix (or webAppRootDir alone if cgiPathPrefix is null).

cgiPathPrefix is defined by setting this servlet's cgiPathPrefix init parameter

CGI Specification:
derived from http://cgi-spec.golux.com. A work-in-progress & expired Internet Draft. Note no actual RFC describing the CGI specification exists. Where the behavior of this servlet differs from the specification cited above, it is either documented here, a bug, or an instance where the specification cited differs from Best Community Practice (BCP). Such instances should be well-documented here. Please email the Jakarta Tomcat group [tomcat-dev@jakarta.apache.org] with amendments.

Canonical metavariables:
The CGI specification defines the following canonical metavariables:
[excerpt from CGI specification]

AUTH_TYPE
CONTENT_LENGTH
CONTENT_TYPE
GATEWAY_INTERFACE
PATH_INFO
PATH_TRANSLATED
QUERY_STRING
REMOTE_ADDR
REMOTE_HOST
REMOTE_IDENT
REMOTE_USER
REQUEST_METHOD
SCRIPT_NAME
SERVER_NAME
SERVER_PORT
SERVER_PROTOCOL
SERVER_SOFTWARE

Metavariables with names beginning with the protocol name (e.g., "HTTP_ACCEPT") are also canonical in their description of request header fields. The number and meaning of these fields may change independently of this specification. (See also section 6.1.5 [of the CGI specification].)

[end excerpt]

Implementation notes

standard input handling: If your script accepts standard input, then the client must start sending input within a certain timeout period, otherwise the servlet will assume no input is coming and carry on running the script. The script's the standard input will be closed and handling of any further input from the client is undefined. Most likely it will be ignored. If this behavior becomes undesirable, then this servlet needs to be enhanced to handle threading of the spawned process' stdin, stdout, and stderr (which should not be too hard).
If you find your cgi scripts are timing out receiving input, you can set the init parameter of your webapps' cgi-handling servlet to be

Metavariable Values: According to the CGI specificion, implementations may choose to represent both null or missing values in an implementation-specific manner, but must define that manner. This implementation chooses to always define all required metavariables, but set the value to "" for all metavariables whose value is either null or undefined. PATH_TRANSLATED is the sole exception to this rule, as per the CGI Specification.

NPH -- Non-parsed-header implementation: This implementation does not support the CGI NPH concept, whereby server ensures that the data supplied to the script are preceisely as supplied by the client and unaltered by the server.

The function of a servlet container (including Tomcat) is specifically designed to parse and possible alter CGI-specific variables, and as such makes NPH functionality difficult to support.

The CGI specification states that compliant servers MAY support NPH output. It does not state servers MUST support NPH output to be unconditionally compliant. Thus, this implementation maintains unconditional compliance with the specification though NPH support is not present.

The CGI specification is located at http://cgi-spec.golux.com.

TODO:

Support for setting headers (for example, Location headers don't work)
Support for collapsing multiple header lines (per RFC 2616)
Ensure handling of POST method does not interfere with 2.3 Filters
Refactor some debug code out of core
Ensure header handling preserves encoding
Possibly rewrite CGIRunner.run()?
Possibly refactor CGIRunner and CGIEnvironment as non-inner classes?
Document handling of cgi stdin when there is no stdin
Revisit IOException handling in CGIRunner.run()
Better documentation
Confirm use of ServletInputStream.available() in CGIRunner.run() is not needed
Make checking for "." and ".." in servlet & cgi PATH_INFO less draconian
[add more to this TODO list]

author: Martin T Dengler [root@martindengler.com]
author: Amy Roh
version: $Revision: 543681 $, $Date: 2007-06-02 02:42:59 +0200 (sam., 02 juin 2007) $
since: Tomcat 4.0

Fields Summary
private int
debug
the debugging detail level for this servlet.
private String
cgiPathPrefix
The CGI search path will start at webAppRootDir + File.separator + cgiPathPrefix (or webAppRootDir alone if cgiPathPrefix is null)
private String
cgiExecutable
the executable to use with the script
private String
parameterEncoding
the encoding to use for parameters
static Object
expandFileLock
object used to ensure multiple threads don't try to expand same file
static Hashtable
shellEnv
the shell environment variables to be passed to the CGI script
Constructors Summary
Methods Summary
protected void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
Provides CGI Gateway service
param
req HttpServletRequest passed in by servlet container
param
res HttpServletResponse passed in by servlet container
exception
ServletException if a servlet-specific exception occurs
exception
IOException if a read/write exception occurs
see
javax.servlet.http.HttpServlet
// Verify that we were not accessed using the invoker servlet if (req.getAttribute(Globals.INVOKED_ATTR) != null) throw new UnavailableException ("Cannot invoke CGIServlet through the invoker"); CGIEnvironment cgiEnv = new CGIEnvironment(req, getServletContext()); if (cgiEnv.isValid()) { CGIRunner cgi = new CGIRunner(cgiEnv.getCommand(), cgiEnv.getEnvironment(), cgiEnv.getWorkingDirectory(), cgiEnv.getParameters()); //if POST, we need to cgi.setInput //REMIND: how does this interact with Servlet API 2.3's Filters?! if ("POST".equals(req.getMethod())) { cgi.setInput(req.getInputStream()); } cgi.setResponse(res); cgi.run(); } if (!cgiEnv.isValid()) { res.setStatus(404); } if (debug >= 10) { ServletOutputStream out = res.getOutputStream(); out.println("<HTML><HEAD><TITLE>$Name$</TITLE></HEAD>"); out.println("<BODY>$Header$<p>"); if (cgiEnv.isValid()) { out.println(cgiEnv.toString()); } else { out.println("<H3>"); out.println("CGI script not found or not specified."); out.println("</H3>"); out.println("<H4>"); out.println("Check the <b>HttpServletRequest "); out.println("<a href=\"#pathInfo\">pathInfo</a></b> "); out.println("property to see if it is what you meant "); out.println("it to be. You must specify an existant "); out.println("and executable file as part of the "); out.println("path-info."); out.println("</H4>"); out.println("<H4>"); out.println("For a good discussion of how CGI scripts "); out.println("work and what their environment variables "); out.println("mean, please visit the <a "); out.println("href=\"http://cgi-spec.golux.com\">CGI "); out.println("Specification page</a>."); out.println("</H4>"); } printServletEnvironment(out, req, res); out.println("</BODY></HTML>"); }
protected void doPost(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
Provides CGI Gateway service -- delegates to doGet
param
req HttpServletRequest passed in by servlet container
param
res HttpServletResponse passed in by servlet container
exception
ServletException if a servlet-specific exception occurs
exception
IOException if a read/write exception occurs
see
javax.servlet.http.HttpServlet
doGet(req, res);
private java.util.Hashtable getShellEnvironment()
Get all shell environment variables. Have to do it this rather ugly way as the API to obtain is not available in 1.4 and earlier APIs. See Read environment variables from an application for original source and article.
Hashtable<String,String> envVars = new Hashtable<String,String>(); Process p = null; Runtime r = Runtime.getRuntime(); String OS = System.getProperty("os.name").toLowerCase(); boolean ignoreCase; if (OS.indexOf("windows 9") > -1) { p = r.exec( "command.com /c set" ); ignoreCase = true; } else if ( (OS.indexOf("nt") > -1) || (OS.indexOf("windows 20") > -1) || (OS.indexOf("windows xp") > -1) ) { // thanks to JuanFran for the xp fix! p = r.exec( "cmd.exe /c set" ); ignoreCase = true; } else { // our last hope, we assume Unix (thanks to H. Ware for the fix) p = r.exec( "env" ); ignoreCase = false; } BufferedReader br = new BufferedReader ( new InputStreamReader( p.getInputStream() ) ); String line; while( (line = br.readLine()) != null ) { int idx = line.indexOf( '=" ); String key = line.substring( 0, idx ); String value = line.substring( idx+1 ); if (ignoreCase) { key = key.toUpperCase(); } envVars.put(key, value); } return envVars;
public void init(javax.servlet.ServletConfig config)
Sets instance variables.
Modified from Craig R. McClanahan's InvokerServlet
param
config a ServletConfig object containing the servlet's configuration and initialization parameters
exception
ServletException if an exception has occurred that interferes with the servlet's normal operation
super.init(config); // Verify that we were not accessed using the invoker servlet String servletName = getServletConfig().getServletName(); if (servletName == null) servletName = ""; if (servletName.startsWith("org.apache.catalina.INVOKER.")) throw new UnavailableException ("Cannot invoke CGIServlet through the invoker"); // Set our properties from the initialization parameters if (getServletConfig().getInitParameter("debug") != null) debug = Integer.parseInt(getServletConfig().getInitParameter("debug")); cgiPathPrefix = getServletConfig().getInitParameter("cgiPathPrefix"); boolean passShellEnvironment = Boolean.valueOf(getServletConfig().getInitParameter("passShellEnvironment")).booleanValue(); if (passShellEnvironment) { try { shellEnv.putAll(getShellEnvironment()); } catch (IOException ioe) { ServletException e = new ServletException( "Unable to read shell environment variables", ioe); throw e; } } if (getServletConfig().getInitParameter("executable") != null) { cgiExecutable = getServletConfig().getInitParameter("executable"); } if (getServletConfig().getInitParameter("parameterEncoding") != null) { parameterEncoding = getServletConfig().getInitParameter("parameterEncoding"); }
public static void main(java.lang.String[] args)
For future testing use only; does nothing right now
System.out.println("$Header$");
protected void printServletEnvironment(javax.servlet.ServletOutputStream out, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
Prints out important Servlet API and container information
Copied from SnoopAllServlet by Craig R. McClanahan
param
out ServletOutputStream as target of the information
param
req HttpServletRequest object used as source of information
param
res HttpServletResponse object currently not used but could provide future information
exception
IOException if a write operation exception occurs
// Document the properties from ServletRequest out.println("<h1>ServletRequest Properties</h1>"); out.println("<ul>"); Enumeration attrs = req.getAttributeNames(); while (attrs.hasMoreElements()) { String attr = (String) attrs.nextElement(); out.println("<li><b>attribute</b> " + attr + " = " + req.getAttribute(attr)); } out.println("<li><b>characterEncoding</b> = " + req.getCharacterEncoding()); out.println("<li><b>contentLength</b> = " + req.getContentLength()); out.println("<li><b>contentType</b> = " + req.getContentType()); Enumeration locales = req.getLocales(); while (locales.hasMoreElements()) { Locale locale = (Locale) locales.nextElement(); out.println("<li><b>locale</b> = " + locale); } Enumeration params = req.getParameterNames(); while (params.hasMoreElements()) { String param = (String) params.nextElement(); String values[] = req.getParameterValues(param); for (int i = 0; i < values.length; i++) out.println("<li><b>parameter</b> " + param + " = " + values[i]); } out.println("<li><b>protocol</b> = " + req.getProtocol()); out.println("<li><b>remoteAddr</b> = " + req.getRemoteAddr()); out.println("<li><b>remoteHost</b> = " + req.getRemoteHost()); out.println("<li><b>scheme</b> = " + req.getScheme()); out.println("<li><b>secure</b> = " + req.isSecure()); out.println("<li><b>serverName</b> = " + req.getServerName()); out.println("<li><b>serverPort</b> = " + req.getServerPort()); out.println("</ul>"); out.println("<hr>"); // Document the properties from HttpServletRequest out.println("<h1>HttpServletRequest Properties</h1>"); out.println("<ul>"); out.println("<li><b>authType</b> = " + req.getAuthType()); out.println("<li><b>contextPath</b> = " + req.getContextPath()); Cookie cookies[] = req.getCookies(); if (cookies!=null) { for (int i = 0; i < cookies.length; i++) out.println("<li><b>cookie</b> " + cookies[i].getName() +" = " +cookies[i].getValue()); } Enumeration headers = req.getHeaderNames(); while (headers.hasMoreElements()) { String header = (String) headers.nextElement(); out.println("<li><b>header</b> " + header + " = " + req.getHeader(header)); } out.println("<li><b>method</b> = " + req.getMethod()); out.println("<li><a name=\"pathInfo\"><b>pathInfo</b></a> = " + req.getPathInfo()); out.println("<li><b>pathTranslated</b> = " + req.getPathTranslated()); out.println("<li><b>queryString</b> = " + req.getQueryString()); out.println("<li><b>remoteUser</b> = " + req.getRemoteUser()); out.println("<li><b>requestedSessionId</b> = " + req.getRequestedSessionId()); out.println("<li><b>requestedSessionIdFromCookie</b> = " + req.isRequestedSessionIdFromCookie()); out.println("<li><b>requestedSessionIdFromURL</b> = " + req.isRequestedSessionIdFromURL()); out.println("<li><b>requestedSessionIdValid</b> = " + req.isRequestedSessionIdValid()); out.println("<li><b>requestURI</b> = " + req.getRequestURI()); out.println("<li><b>servletPath</b> = " + req.getServletPath()); out.println("<li><b>userPrincipal</b> = " + req.getUserPrincipal()); out.println("</ul>"); out.println("<hr>"); // Document the servlet request attributes out.println("<h1>ServletRequest Attributes</h1>"); out.println("<ul>"); attrs = req.getAttributeNames(); while (attrs.hasMoreElements()) { String attr = (String) attrs.nextElement(); out.println("<li><b>" + attr + "</b> = " + req.getAttribute(attr)); } out.println("</ul>"); out.println("<hr>"); // Process the current session (if there is one) HttpSession session = req.getSession(false); if (session != null) { // Document the session properties out.println("<h1>HttpSession Properties</h1>"); out.println("<ul>"); out.println("<li><b>id</b> = " + session.getId()); out.println("<li><b>creationTime</b> = " + new Date(session.getCreationTime())); out.println("<li><b>lastAccessedTime</b> = " + new Date(session.getLastAccessedTime())); out.println("<li><b>maxInactiveInterval</b> = " + session.getMaxInactiveInterval()); out.println("</ul>"); out.println("<hr>"); // Document the session attributes out.println("<h1>HttpSession Attributes</h1>"); out.println("<ul>"); attrs = session.getAttributeNames(); while (attrs.hasMoreElements()) { String attr = (String) attrs.nextElement(); out.println("<li><b>" + attr + "</b> = " + session.getAttribute(attr)); } out.println("</ul>"); out.println("<hr>"); } // Document the servlet configuration properties out.println("<h1>ServletConfig Properties</h1>"); out.println("<ul>"); out.println("<li><b>servletName</b> = " + getServletConfig().getServletName()); out.println("</ul>"); out.println("<hr>"); // Document the servlet configuration initialization parameters out.println("<h1>ServletConfig Initialization Parameters</h1>"); out.println("<ul>"); params = getServletConfig().getInitParameterNames(); while (params.hasMoreElements()) { String param = (String) params.nextElement(); String value = getServletConfig().getInitParameter(param); out.println("<li><b>" + param + "</b> = " + value); } out.println("</ul>"); out.println("<hr>"); // Document the servlet context properties out.println("<h1>ServletContext Properties</h1>"); out.println("<ul>"); out.println("<li><b>majorVersion</b> = " + getServletContext().getMajorVersion()); out.println("<li><b>minorVersion</b> = " + getServletContext().getMinorVersion()); out.println("<li><b>realPath('/')</b> = " + getServletContext().getRealPath("/")); out.println("<li><b>serverInfo</b> = " + getServletContext().getServerInfo()); out.println("</ul>"); out.println("<hr>"); // Document the servlet context initialization parameters out.println("<h1>ServletContext Initialization Parameters</h1>"); out.println("<ul>"); params = getServletContext().getInitParameterNames(); while (params.hasMoreElements()) { String param = (String) params.nextElement(); String value = getServletContext().getInitParameter(param); out.println("<li><b>" + param + "</b> = " + value); } out.println("</ul>"); out.println("<hr>"); // Document the servlet context attributes out.println("<h1>ServletContext Attributes</h1>"); out.println("<ul>"); attrs = getServletContext().getAttributeNames(); while (attrs.hasMoreElements()) { String attr = (String) attrs.nextElement(); out.println("<li><b>" + attr + "</b> = " + getServletContext().getAttribute(attr)); } out.println("</ul>"); out.println("<hr>");