Servlets In Use

Provide information on which servlets are by default in use.

Servlets in use

Next to the CMS applications such as the CMS itself and the console application, there are a number of other servlets that are bundled in the package of Hippo CMS and which are active by default if you do not have a custom WEB-INF/web.xml, or have copied the original WEB-INF/web.xml into your own packaging.

 

It concerns the following servlets:

StatusServlet

• By default deployed on <context-root>/status
• Provides basic information about the version, memory usage of the system
• Not required for normal operation but provides a heath check of the system

 

LoggingServlet

• By default deployed on <context-root>/logging
• Provides access to and control over the logging information written in log files
• Not required, but especially useful for test environments and problem solving when no full access is available to the system

 

RepositoryServlet

• By default deployed on <context-root>/repository
• Runs the Hippo CMS Repository and provides a simple browse interface through authorized access
• Mandatory in most deployments unless JCA is used to run the repository.

 

Security notes

 

You can choose to modify all deployment paths under a common path, such as <context-root>/admin/repository, <context-root>/admin/logging and then use your application container to restrict the access to all of the <context-root>/admin.   Without any restriction these applets are open to anyone and even though your content is secured by means of basic authentication, you might want to hide information such as current memory usage of the system.  By placing the above servlets under a common path and placing administration rules in your application container you can restrict the access to only access from your own intranet or with more extensive authentication requirements.  Note that the LoggingServlet and StatusServlet may be removed alltogether, but they can be of invaluable asset when problem-solving.