Utility Servlets Packaged with Hippo CMS
Introduction
In addition to the CMS and Console application two servlets are bundled with Hippo CMS which are active by default (unless you have a custom WEB-INF/web.xml or have copied the original WEB-INF/web.xml into your own packaging).
Servlets
The following servlets are packaged with Hippo CMS:
- LoggingServlet
By default deployed on <context-root>/logging/
Provides access to and control over the logging information written in log files. This servlet is not required but is especially useful for test environments and problem solving when no full access is available to the system. Via the <context-root>/logging browser interface you can only change the log level of a specific (class) logger. If you want to change the log level of logger configured in log4j.xml, for example you want to set <logger additivity="false" name="org.hippoecm.hst"> to DEBUG, you can request :<context-root>/logging/?ll=org.hippoecm.hst:DEBUG
Setting the package-level log levels like above only works if there is a corresponding entry in log4j.xml. - RepositoryServlet
By default deployed on <context-root>/repository/
Runs the content repository and provides a simple browse interface through authorised access. This is a mandatory servlet.Also see Query the Content Repository using XPath. -
PingServlet
By default deployed on <context-root>/ping/
Simple servlet to check if the content repository is up and running. If everything is as it should be it will return the following message:OK - Repository online and accessible.
Both the CMS (authoring) and HST (delivery) applications provide a PingServlet on <context-root>/ping/.
Security notes
You can choose to modify all deployment paths under a common path, such as <context-root>/admin/repository, <context-root>/admin/logging and then use your application container to restrict the access to all of the <context-root>/admin. Without any restriction these servlets are open to anyone and even though your content is secured by means of basic authentication, you might want to hide information such as current memory usage of the system. By placing the above servlets under a common path and placing administration rules in your application container you can restrict the access to only access from your own intranet or with more extensive authentication requirements. Note that the LoggingServlet may be removed all together, but it can be an invaluable asset when problem-solving.