Utility Servlets Packaged with Hippo CMS
In addition to the CMS and Console application two servlets are bundled with Hippo CMS which are active by default (unless you have a custom WEB-INF/web.xml or have copied the original WEB-INF/web.xml into your own packaging).
The following servlets are packaged with Hippo CMS:
By default deployed on <context-root>/logging/
Provides access to and control over the logging information written in log files. This servlet is not required but is especially useful for test environments and problem solving when no full access is available to the system. Via the <context-root>/logging browser interface you can only change the log level of a specific (class) logger. If you want to change the log level of logger configured in log4j.xml, for example you want to set <logger additivity="false" name="org.hippoecm.hst"> to DEBUG, you can request :
<context-root>/logging?ll=org.hippoecm.hst:DEBUGNote that before CMS 10.1.0, you need to send the above request as a POST. From 10.1.0 and higher you can do a simple GET or POST.
By default deployed on <context-root>/repository/
Runs the content repository and provides a simple browse interface through authorised access. This is a mandatory servlet.Also see Query the Content Repository using XPath.
By default deployed on <context-root>/ping/
Simple servlet to check if the content repository is up and running. If everything is as it should be it will return the following message:
OK - Repository online and accessible.Both the CMS (authoring) and HST (delivery) applications provide a PingServlet on <context-root>/ping/.Since CMS 12.2, the HST (delivery) application ships with a PingFilter which is preferrable over the PingServlet.
You can choose to modify all deployment paths under a common path, such as <context-root>/admin/repository, <context-root>/admin/logging and then use your application container to restrict the access to all of the <context-root>/admin. Without any restriction these servlets are open to anyone and even though your content is secured by means of basic authentication, you might want to hide information such as current memory usage of the system. By placing the above servlets under a common path and placing administration rules in your application container you can restrict the access to only access from your own intranet or with more extensive authentication requirements. Note that the LoggingServlet may be removed all together, but it can be an invaluable asset when problem-solving.