Enabling/disabling servlet in a way other than web.xml

Question

i wonder if there's a way to enable or disable servlets (or at least mappings for servlets) other than web.xml. I have multiple kinds of servers which use the same web.xml (i can't change this) so this is why another way of enabling/disabling servlets would be useful.

Thanks, Teo

Answer 1

what about creating a Filter (a class that implements javax.servlet.Filter), then in a xml or properties file or even in database, you can add the servlets' names that the user can access or can't access.

Answer 2

I'd just create a web filter that reads some kind of configuration and passes or redirects on specific, configured paths.

Another option is to block paths on security layer e.g. Spring Security (actually it uses something like described above).

Answer 3

If you are using Tomcat 7.x / Servlet 3.0 you can programmatically add a servlet filter to dynamically enable/disable access to some of your servlets without touching your web.xml file nor your application code.

Answer 4

As far as i am aware there is no such thing as programmatic disabling of servlets other that the deployment descriptor.

The way that i would approach such an issue is the following:

-I would add an if statement in each of my servlets service() method that i would like to control access to such as:

if(MyCustomSecurity.isServletAccessible(request)){
  //here is your code that you have right now
}else{
  //redirect request to an error page maybe
}

-Create this method isServletAccessible() in MyCustomSecurity class that would return a boolean on weather the user is allowed to acceess the servlet or not

Answer 5

You could use @WebServlet annotation with servlet 3.0 onwards, not sure if this will work for your requirement, please comment if this isn't the way you want to

@WebServlet("/hello")
public class HelloServlet extends HttpServlet {
// code code code
}