One of the most important tasks for an Oracle ATG Web Commerce server is handling HTTP requests. The request-handling pipeline represents a potential source of security issues related to denial of service attacks, and configuration should be approached carefully.
The Oracle ATG Web Commerce server extends the basic web server model with Nucleus services that implement the Servlet interface, and which are linked in order to process HTTP requests. Each servlet performs a specialized function on a request, then relays the request—sometimes in modified form—to the next servlet in the chain. While each servlet performs a unique service, it often relies on changes that previous servlets made to the request. This chain of servlets is called a request-handling pipeline.
For example, a typical request might be processed as follows:
1. Compare the request URI against a list of restricted directories, to make sure that the user has permission to access the specified directory.
2. Translate the request URI into a real file name, taking index files into account when the file name refers to a directory.
3. Given the file name’s extension, determine the MIME type of the file.
4. From the MIME type, dispatch the request to the appropriate handler.
The preceding example shows one of many request-handling configurations. Other configurations might dispatch based on a beginning path such as /cgi-bin or move the session-tracking step to be performed only for files with the MIME type text/session-tracked.
Because the request-handling pipeline is composed of Nucleus components that are independently configurable, it is easy to modify, giving you the flexibility that enterprise applications often require. For additional information on pipeline configuration, see the ATG Platform Programming Guide.
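The four steps of the typical request described above can be modeled in plain Java to show how each stage depends on what earlier stages wrote into the request, and how a failed check ends processing. This is an added example, not ATG or Oracle code: the class, the stage methods, the handler names and the directory and file data are all hypothetical, and it assumes the caller has no permission for any restricted directory.

```java
import java.net.URI;
import java.util.*;
// Added illustration in plain Java; not ATG code. All names and data are constructed.
public class PipelineSketch {
    static class Request {
        String uri, file, mime, handler;
        int status = 200;
        Request(String uri) { this.uri = uri; }
    }
    interface Stage { boolean handle(Request r); }   // returning false ends processing

    static final Set<String> RESTRICTED = Set.of("/admin/");
    static final Set<String> FILES = Set.of("/docs/index.html", "/docs/guide.pdf", "/admin/index.html");
    static final Map<String, String> MIME = Map.of("html", "text/html", "pdf", "application/pdf");
    static final Map<String, String> HANDLER = Map.of("text/html", "PageHandler", "application/pdf", "FileHandler");
    // 1. Access check. Assumption: the caller has no rights to any restricted directory.
    static boolean access(Request r) {
        r.uri = URI.create(r.uri).normalize().getPath();   // resolve "." and ".." before comparing
        for (String dir : RESTRICTED)
            if (r.uri.startsWith(dir)) { r.status = 403; return false; }
        return true;
    }
    // 2. URI to file name, using index.html when the URI names a directory.
    static boolean translate(Request r) {
        r.file = r.uri.endsWith("/") ? r.uri + "index.html" : r.uri;
        if (!FILES.contains(r.file)) { r.status = 404; return false; }
        return true;
    }
    // 3. MIME type from the extension of the file name set by step 2.
    static boolean mimeType(Request r) {
        String ext = r.file.substring(r.file.lastIndexOf('.') + 1);
        r.mime = MIME.getOrDefault(ext, "application/octet-stream");
        return true;
    }
    // 4. Handler chosen from the MIME type set by step 3.
    static boolean dispatch(Request r) {
        r.handler = HANDLER.getOrDefault(r.mime, "DefaultHandler");
        return true;
    }
    static final List<Stage> PIPELINE = List.of(
        PipelineSketch::access, PipelineSketch::translate, PipelineSketch::mimeType, PipelineSketch::dispatch);

    public static void main(String[] args) {
        for (String u : List.of("/docs/", "/docs/guide.pdf", "/docs/../admin/", "/missing.txt")) {
            Request r = new Request(u);
            for (Stage s : PIPELINE) if (!s.handle(r)) break;   // each stage hands on to the next
            System.out.println(u + " -> " + r.status + " " + r.file + " " + r.handler);
        }
    }
}
```

Because the access check normalizes the URI before comparing it, later stages only ever see the normalized form; reordering the stages or comparing the raw URI would change which requests reach the file-name translation step.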