SSI How To

&project; Glenn L. Nielsen SSI How To

SSI (Server Side Includes) are directives that are placed in HTML pages, and evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without having to serve the entire page via a CGI program, or other dynamic technology.

Within Tomcat SSI support can be added when using Tomcat as your HTTP server and you require SSI support. Typically this is done during development when you don't want to run a web server like Apache.

Tomcat SSI support implements the same SSI directives as Apache. See the Apache Introduction to SSI for information on using SSI directives.

SSI support is available as a servlet and as a filter. You should use one or the other to provide SSI support but not both.

Servlet based SSI support is implemented using the class org.apache.catalina.ssi.SSIServlet. Traditionally, this servlet is mapped to the URL pattern "*.shtml".

Filter based SSI support is implemented using the class org.apache.catalina.ssi.SSIFilter. Traditionally, this filter is mapped to the URL pattern "*.shtml", though it can be mapped to "*" as it will selectively enable/disable SSI processing based on mime types. The contentType init param allows you to apply SSI processing to JSP pages, javascript, or any other content you wish.

By default SSI support is disabled in Tomcat.

CAUTION - SSI directives can be used to execute programs external to the Tomcat JVM. If you are using the Java SecurityManager this will bypass your security policy configuration in catalina.policy.

To use the SSI servlet, remove the XML comments from around the SSI servlet and servlet-mapping configuration in $CATALINA_BASE/conf/web.xml.

To use the SSI filter, remove the XML comments from around the SSI filter and filter-mapping configuration in $CATALINA_BASE/conf/web.xml.

Only Contexts which are marked as privileged may use SSI features (see the privileged property of the Context element).

There are several servlet init parameters which can be used to configure the behaviour of the SSI servlet.

buffered - Should output from this servlet be buffered? (0=false, 1=true) Default 0 (false).
debug - Debugging detail level for messages logged by this servlet. Default 0.
expires - The number of seconds before a page with SSI directives will expire. Default behaviour is for all SSI directives to be evaluated for every request.
isVirtualWebappRelative - Should "virtual" SSI directive paths be interpreted as relative to the context root, instead of the server root? (0=false, 1=true) Default 0 (false).
inputEncoding - The encoding to be assumed for SSI resources if one cannot be determined from the resource itself. Default is the default platform encoding.
outputEncoding - The encoding to be used for the result of the SSI processing. Default is UTF-8.
allowExec - Is the exec command enabled? Default is false.

There are several filter init parameters which can be used to configure the behaviour of the SSI filter.

contentType - A regex pattern that must be matched before SSI processing is applied. When crafting your own pattern, don't forget that a mime content type may be followed by an optional character set in the form "mime/type; charset=set" that you must take into account. Default is "text/x-server-parsed-html(;.*)?".
debug - Debugging detail level for messages logged by this servlet. Default 0.
expires - The number of seconds before a page with SSI directives will expire. Default behaviour is for all SSI directives to be evaluated for every request.
isVirtualWebappRelative - Should "virtual" SSI directive paths be interpreted as relative to the context root, instead of the server root? (0=false, 1=true) Default 0 (false).
allowExec - Is the exec command enabled? Default is false.

Server Side Includes are invoked by embedding SSI directives in an HTML document whose type will be processed by the SSI servlet. The directives take the form of an HTML comment. The directive is replaced by the results of interpreting it before sending the page to the client. The general form of a directive is:

The directives are:

config -  Used to set the format of dates and other items processed by SSI
echo -  will be replaced by the value of the variable.
exec - Used to run commands on the host system.
include -  inserts the contents
flastmod -  Returns the time that a file was lost modified.
fsize -  Returns the size of a file.
printenv -  Returns the list of all the defined variables.
set -  is used to assign a value to a user-defind variable.
if elif endif else - Used to create conditional sections. For example:

<!--#config timefmt="%A" -->

  <!--#if expr="$DATE_LOCAL = /Monday/" -->

  <p>Meeting at 10:00 on Mondays</p>

  <!--#elif expr="$DATE_LOCAL = /Friday/" -->

  <p>Turn in your time card</p>

  <!--#else -->

  <p>Yoga class at noon.</p>

  <!--#endif -->

See the

Apache Introduction to SSI for more information on using SSI directives.

The SSI servlet currently implements the following variables:

Variable Name	Description
AUTH_TYPE	The type of authentication used for this user: BASIC, FORM, etc.
CONTENT_LENGTH	The length of the data (in bytes or the number of characters) passed from a form.
CONTENT_TYPE	The MIME type of the query data, such as "text/html".
DATE_GMT	Current date and time in GMT
DATE_LOCAL	Current date and time in the local time zone
DOCUMENT_NAME	The current file
DOCUMENT_URI	Virtual path to the file
GATEWAY_INTERFACE	The revision of the Common Gateway Interface that the server uses if enabled: "CGI/1.1".
HTTP_ACCEPT	A list of the MIME types that the client can accept.
HTTP_ACCEPT_ENCODING	A list of the compression types that the client can accept.
HTTP_ACCEPT_LANGUAGE	A list of the languages that the client can accept.
HTTP_CONNECTION	The way that the connection from the client is being managed: "Close" or "Keep-Alive".
HTTP_HOST	The web site that the client requested.
HTTP_REFERER	The URL of the document that the client linked from.
HTTP_USER_AGENT	The browser the client is using to issue the request.
LAST_MODIFIED	Last modification date and time for current file
PATH_INFO	Extra path information passed to a servlet.
PATH_TRANSLATED	The translated version of the path given by the variable PATH_INFO.
QUERY_STRING	The query string that follows the "?" in the URL.
QUERY_STRING_UNESCAPED	Undecoded query string with all shell metacharacters escaped with "\"
REMOTE_ADDR	The remote IP address of the user making the request.
REMOTE_HOST	The remote hostname of the user making the request.
REMOTE_PORT	The port number at remote IP address of the user making the request.
REMOTE_USER	The authenticated name of the user.
REQUEST_METHOD	The method with which the information request was issued: "GET", "POST" etc.
REQUEST_URI	The web page originally requested by the client.
SCRIPT_FILENAME	The location of the current web page on the server.
SCRIPT_NAME	The name of the web page.
SERVER_ADDR	The server's IP address.
SERVER_NAME	The server's hostname or IP address.
SERVER_PORT	The port on which the server received the request.
SERVER_PROTOCOL	The protocol used by the server. E.g. "HTTP/1.1".
SERVER_SOFTWARE	The name and version of the server software that is answering the client request.
UNIQUE_ID	A token used to identify the current session if one has been established.