)
“Default Servlet Reference Table of Contents” 并非一个标准的、由官方(如 Oracle、Apache Tomcat 或 Jakarta EE 规范)发布的独立文档标题。它通常指Tomcat 服务器中 DefaultServlet 的功能说明与配置参考的目录结构,即对 Tomcat 内置的org.apache.catalina.servlets.DefaultServlet(负责静态资源服务,如 HTML、CSS、JS、图片等)的配置项、行为特性、初始化参数及其作用的概览性目录。
以下是典型的Tomcat DefaultServlet 参考文档的目录结构(Table of Contents):
- Overview of the Default Servlet
- Purpose and Responsibilities
- Configuration in web.xml (or context.xml / server.xml)
- Initialization Parameters (init-param)
-debug
-listings(目录浏览开关)
-readonly(是否禁止 PUT/DELETE 等写操作)
-sendfile(启用零拷贝传输)
-fileEncoding/inputEncoding/outputEncoding
-useAcceptRanges
-welcomeFiles(补充默认欢迎页) - MIME Type Mapping and Resource Handling
- Caching Behavior and Cache Control Headers
- Security Considerations (e.g., path traversal protection, hidden file filtering)
- Customization via Subclassing or Replacement
- Common Use Cases & Examples
- Troubleshooting & Logging Tips
✅ 注:该内容基于 Apache Tomcat 9/10 官方文档(DefaultServlet)整理;Jakarta EE 规范本身不定义 DefaultServlet 实现,而是由各 Servlet 容器(如 Tomcat、Jetty、WildFly)自行提供。
<!-- 示例:在 web.xml 中配置 DefaultServlet(通常无需显式配置,除非需覆盖默认行为) --><servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>listings</param-name><param-value>false</param-value></init-param><load-on-startup>1</load-on-startup></servlet>Default Servlet Reference Table of Contents
What is the DefaultServlet
Where is it declared?
What can I change?
How do I customize directory listings?
How do I secure directory listings?
What is the DefaultServlet
The default servlet is the servlet which serves static resources as well as serves the directory listings (if directory listings are enabled).
Where is it declared?
It is declared globally in $CATALINA_BASE/conf/web.xml. By default here is it’s declaration:
<servlet> <servlet-name>default</servlet-name> <servlet-class> org.apache.catalina.servlets.DefaultServlet </servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>…
<servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping>So by default, the default servlet is loaded at webapp startup and directory listings are disabled and debugging is turned off.
What can I change?
The DefaultServlet allows the following initParamters:
Property Description
debug Debugging level. It is not very useful unless you are a tomcat developer. As of this writing, useful values are 0, 1, 11, 1000. [0]
listings If no welcome file is present, can a directory listing be shown? value may be true or false [false]
Welcome files are part of the servlet api.
WARNING: Listings of directories containing many entries are expensive. Multiple requests for large directory listings can consume significant proportions of server resources.
precompressed If a precompressed version of a file exists (a file with .br or .gz appended to the file name located alongside the original file), Tomcat will serve the precompressed file if the user agent supports the matching content encoding (br or gzip) and this option is enabled. [false]
The precompressed file with the with .br or .gz extension will be accessible if requested directly so if the original resource is protected with a security constraint, the precompressed versions must be similarly protected.
It is also possible to configure the list of precompressed formats. The syntax is comma separated list of [content-encoding]=[file-extension] pairs. For example: br=.br,gzip=.gz,bzip2=.bz2. If multiple formats are specified, the client supports more than one and the client does not express a preference, the order of the list of formats will be treated as the server preference order and used to select the format returned.
readmeFile If a directory listing is presented, a readme file may also be presented with the listing. This file is inserted as is so it may contain HTML.
globalXsltFile If you wish to customize your directory listing, you can use an XSL transformation. This value is a relative file name (to either $CATALINA_BASE/conf/ or $CATALINA_HOME/conf/) which will be used for all directory listings. This can be overridden per context and/or per directory. See contextXsltFile and localXsltFile below. The format of the xml is shown below.
contextXsltFile You may also customize your directory listing by context by configuring contextXsltFile. This must be a context relative path (e.g.: /path/to/context.xslt) to a file with a .xsl or .xslt extension. This overrides globalXsltFile. If this value is present but a file does not exist, then globalXsltFile will be used. If globalXsltFile does not exist, then the default directory listing will be shown.
localXsltFile You may also customize your directory listing by directory by configuring localXsltFile. This must be a file in the directory where the listing will take place to with a .xsl or .xslt extension. This overrides globalXsltFile and contextXsltFile. If this value is present but a file does not exist, then contextXsltFile will be used. If contextXsltFile does not exist, then globalXsltFile will be used. If globalXsltFile does not exist, then the default directory listing will be shown.
input Input buffer size (in bytes) when reading resources to be served. [2048]
output Output buffer size (in bytes) when writing resources to be served. [2048]
readonly Is this context “read only”, so HTTP commands like PUT and DELETE are rejected? [true]
fileEncoding File encoding to be used when reading static resources. [platform default]
sendfileSize If the connector used supports sendfile, this represents the minimal file size in KB for which sendfile will be used. Use a negative value to always disable sendfile. [48]
useAcceptRanges If true, the Accept-Ranges header will be set when appropriate for the response. [true]
showServerInfo Should server information be presented in the response sent to clients when directory listing is enabled. [true]
sortListings Should the server sort the listings in a directory. [false]
sortDirectoriesFirst Should the server list all directories before all files. [false]
How do I customize directory listings?
You can override DefaultServlet with you own implementation and use that in your web.xml declaration. If you can understand what was just said, we will assume you can read the code to DefaultServlet servlet and make the appropriate adjustments. (If not, then that method isn’t for you)
You can use either localXsltFile or globalXsltFile and DefaultServlet will create an xml document and run it through an xsl transformation based on the values provided in localXsltFile and globalXsltFile. localXsltFile is first checked, followed by globalXsltFile, then default behaviors takes place.
Format:
<listing> <entries> <entry type='file|dir' urlPath='aPath' size='###' date='gmt date'> fileName1 </entry> <entry type='file|dir' urlPath='aPath' size='###' date='gmt date'> fileName2 </entry> ... </entries> <readme></readme> </listing> size will be missing if type='dir' Readme is a CDATA entryThe following is a sample xsl file which mimics the default tomcat behavior:
<?xml version="1.0" encoding="UTF-8"?><xsl:stylesheet xmlns:xsl=“http://www.w3.org/1999/XSL/Transform”
version=“3.0”>
<xsl:output method=“html” html-version=“5.0”
encoding=“UTF-8” indent=“no”
doctype-system=“about:legacy-compat”/>
<xsl:template match=“listing”>
Sample Directory Listing For
| Filename | Size | Last Modified |
|---|
Apache Tomcat/8.5
<xsl:template match=“entries”>
<xsl:apply-templates select=“entry”/>
</xsl:template>
<xsl:template match=“readme”>
xsl:apply-templates/
</xsl:template>
<xsl:template match=“entry”>
<xsl:variable name=“urlPath” select=“@urlPath”/>
xsl:apply-templates/
<xsl:value-of select=“@size”/>
<xsl:value-of select=“@date”/>
</xsl:template>
</xsl:stylesheet>
How do I secure directory listings?
Use web.xml in each individual webapp. See the security section of the Servlet specification.
您可以使用自己的实现重写DefaultServlet,并在web.xml声明中使用它。如果您能够理解刚才所说的,我们假设您可以将代码读取到DefaultServletServlet并进行适当的调整。(如果不是,那么这种方法不适合你)
您可以使用localXsltFile或globalXsltFile,DefaultServlet将创建一个xml文档,并根据localXsltFile和globalXsltFile中提供的值通过xsl转换运行它。首先检查localXsltFile,然后检查globalXsltFile,然后执行默认行为。
