Archived: Hijacking Servlet Converted from JSP

This section provides a tutorial example on how to hijack the JSP-to-Servlet conversion process on Tomcat 4.1.18 by placing your own Servlet class in the 'work' folder.

One interesting thing you can do with Tomcat 4 is to hijack the JSP-to-Servlet conversion process, by placing your a different Servlet class in the "work" folder so it behaves differently than the original JSP page.

First write this JSP page, fake.jsp, and save it to \local\jakarta-tomcat-4.1.18\webapps\ROOT:

 - fake.jsp
 - Copyright (c) 2006 All Rights Reserved.
This a faked JSP page.
The real content will come from the output of the JSP Servlet class.

Then, write the following JSP Servlet class, and save it to \local\jakarta-tomcat-4.1.18\work\standalone\localhost\_:

 * Copyright (c) 2002 All Rights Reserved.
package org.apache.jsp;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.jsp.*;
import org.apache.jasper.runtime.*;
public class fake_jsp extends HttpJspBase {
  public java.util.List getIncludes() {
    return null;
  public void _jspService(HttpServletRequest request,
    HttpServletResponse response)
    throws, ServletException {
    JspFactory _jspxFactory = null;
    javax.servlet.jsp.PageContext pageContext = null;
    JspWriter out = null;
    try {
      _jspxFactory = JspFactory.getDefaultFactory();
      pageContext = _jspxFactory.getPageContext(this, request,
         response, null, true, 8192, true);
      out = pageContext.getOut();
      out.println("Hello world! - From Servlet");
    } catch (Throwable t) {
      if (out != null && out.getBufferSize() != 0)
      if (pageContext != null) pageContext.handlePageException(t);
    } finally {
      if (_jspxFactory != null)

Compile this class with JDK 1.3.1:

cd \local\jakarta-tomcat-4.1.18\work\standalone\localhost\_
set classpath=..\..\..\..\common\lib\servlet.jar

Now, run IE with url: http://localhost:8080/fake.jsp. Guess what you will get on the IE window? The text from the fake.jsp page, or the output of

You should see the output of Tomcat has been fooled by the file names and time stamps. When Tomcat receives a HTTP request for fake.jsp, it will look for fake_jsp.class at the JSP Servlet directory. Since fake_jsp.class is there and has newer time stamp than fake.jsp, it will assume fake_jsp.class is the latest class translated from fake.jsp, and execute it immediately.

Be aware that if you modify fake.jsp and save it back. The next time when Tomcat receives a request for fake.jsp, it will translate the new fake.jsp and replace both and fake_jsp.class. The original will be gone.

Table of Contents

 About This Book

 JSP (JavaServer Pages) Overview

 Tomcat Installation on Windows Systems

 JSP Scripting Elements

 Java Servlet Introduction

 JSP Implicit Objects

 Syntax of JSP Pages and JSP Documents

 JSP Application Session

 Managing Cookies in JSP Pages

 JavaBean Objects and "useBean" Action Elements

 Managing HTTP Response Header Lines

 Non-ASCII Characters Support in JSP Pages

 Performance of JSP Pages

 EL (Expression Language)

 Overview of JSTL (JSP Standard Tag Libraries)

 JSTL Core Library

 JSP Custom Tags

 JSP Java Tag Interface

 Custom Tag Attributes

 Multiple Tags Working Together

 File Upload Test Application

 Using Tomcat on CentOS Systems

 Using Tomcat on macOS Systems

 Connecting to SQL Server from Servlet

 Developing Web Applications with Servlet

Archived Tutorials

 Archived: Installing GlassFish JSTL 1.2 on Tomcat

 Archived: Downloading and Installing Tomcat 7

 Archived: Installing Tomcat 5.5.7

 Archived: Installing Tomcat 4.1.18

 Archived: Java Class Converted by Tomcat 4.1.18

Archived: Hijacking Servlet Converted from JSP

 Archived: Using Perl LWP::Debug Module to Debug

 Archived: Installing JSTL 1.0 Apache Implementation

 Archived: Upgrade JDK 1.3 to JDK 1.4 on Tomcat 4.1

 Archived: Compilation Errors with JDK 1.4

 Archived: Using JavaBean without Import Element Error


 Full Version in PDF/EPUB