RE: WDSC 6.0 WebSphere Test Environment

Yes, you have to have that setting enabled.  But the point is that even
if I have the setting enabled, I still cannot run or debug servlets by
name.

Yes, it may be a security issue, but that shouldn't prevent the tool
from working.  I will address any security issues.  It's really quite
simple, in fact: if I don't put any dangerous servlets in my classpath,
then it's not a security issue.  Or, I may be in a development
environment where I want to be able to quickly access new servlets
without having to edit the deployment descriptor.  In any case, it's my
choice.

Not only that, it USED to work.  I USED to be able to run any servlets
the same way I ran JSPs and HTML pages -- a simple right-click and Run
on Server.  Why was that functionality removed?

Joe


> From: Mike Hockings
> 
> I think that serve servlets by class name has to be enabled to allow
the
> execution of servlets by their class name.  If you think about it this
is
> a security question, if you let someone run any servlet they like they
may
> be able to do bad things.   Allowing only named servlets to run lets
you
> define what can be invoked and masks the class (and allows you to
change
> the jsp or servlet that is run by that name I would think).
> 
> The deployment descriptor only references the named servlets that you
(or
> some tooling) define I believe.
> 
> Mike
> 
> 
> > From: Joe Pluta
> >
> > You can only run the servlet if it has been defined to the
deployment
> > descriptor.  For servlets that are simply run by class name, you
can't
> > do it (they don't even show up under the "Servlets" category of the
> > Deployment Descriptor).  What's the rationale behind that?
> 
> Don, did you see this?  Is there a reason why we can't run servlets
that
> aren't specifically defined to the Deployment Descriptor?