Table of Contents
web.xml file is one step up from the main configuration
directory. It is located in the
directory. This configuration file contains settings that are related to the web
application only. Most settings in this file should not be changed because they
are vital for the functionality of BASE.
If an error occurs during a page request, the execution is forwarded to the specified JSP which will display information about the error.
This setting is here to resolve a potential problem with too long generated URL:s. This may happen when BASE needs to open a pop-up window and a user has selected a lot of items (e.g., several hundred). Typically the generated URL contains all selected ID:s. Some web servers have limitations on the length of an URL (e.g., Apache has a default max of 8190 bytes). If the generated URL is longer that this setting, BASE will re-write the request to make the URL shorter and supply the rest of the parameters as part of a POST request instead. This functionality can disabled by setting this value to 0. For more information see http://base.thep.lu.se/ticket/1032.
A servlet that starts BASE when Tomcat starts, and stops BASE when Tomcat stops. Do not modify.
File view/download servlet. It is possible to change the default MIME type for use with files of unknown type.
Servlet for handling file uploads. Do not modify.
Servlet for displaying spot images. Do not modify.
Servlet for the plot tool in the analysis section. You may specify max and default values for the width and height for the generated images. The supported image formats are "png" and "jpeg".
Servlet for the plot tool in the experiment explorer section. It can use the same configuration properties for size and image format as the plotter servlet.
Servlet for generating a RSS feed for the news on the front page. Comment out this servlet if you do not want to use the RSS feed.
Servlet for handling startup/shutdown of the extensions system as well as requests to extension servlets. Do not modify. Do not disable even if extensions are not used.
Experimental servlet for compiling *.xjsp files used by extensions. The servlet redirects the compilation of *.xjsp files to a compiler that includes the extension supplied JAR file(s) in the class path. Can be disabled if no extensions use this feature. See also Section 22.1.4, “Installing the X-JSP compiler” for more information about how to enable this feature.
Experimental servlet for compiling all JSP files. This is mostly useful for developers who want to make sure that no compilation error exists in any JSP file. Can also be used to pre-compile all JSP files to avoid delays during browsing. This servlet is disabled by default.
A filter that sets the character encoding for the JSP generated HTML. We recommend leaving this at the default UTF-8 encoding, this default should work with most language in all modern browsers.
In BASE, we have choosen a relatively restrictive policy which only allow resources
to be lodaded from the BASE server. Browser plug-ins are always blocked. This should
work well for a standard BASE installation. But some (older) extensions to BASE
doesn't adhere to the restrictions implied by the policy and may not work unless it
code to handle mouse clicks and other events, which is forbidden by the default policy
settings. In this case, the policy must be relaxed a bit. Typically,
script-src 'self' 'unsafe-inline';
to the policy setting should take care of most issues. If this is not
enough to make the extension work the following link is a good starting point
for reading more about this:
A filter that sets the Content security policy header in all responses from the BASE web server. This filter can be removed to disable content security policy, but use this only as a last resort if nothing else works.
The following parameters can be specified for the filter:
policy: The policy string that is sent in the response. The default value
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none';
report-only: If set, policy violations are only reported and not blocked
An alternate policy string that is used for extensions that set
in their definition. The default value is:
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'unsafe-inline';