Oracle Weblogic Server Client Error Message Suppress or Restrict - oracle

I would like to restrict client side error message on Weblogic.
I haven't found any solution for it. In that image, I would like to suppress the bea_fault:stacktrace part.

First of all, you have not explicitly specified which web service technology you are using. I guess that is jax-rpc.
So, I think, you can solve it in the following way.
By editing web.xml, you can get the response message. ExceptionHandler must implement javax.servlet.Filter.
<filter>
  <filter-name>ExceptionHandler</filter-name>
  <filter-class>ExceptionHandler</filter-class>
</filter>
<filter-mapping>
  <filter-name>ExceptionHandler</filter-name>
  <url-pattern>*</url-pattern>
</filter-mapping>
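One way to write the ExceptionHandler class that this web.xml registers, as an added example that is not the answerer's code: it buffers the response and removes the bea_fault:stacktrace element before anything reaches the client. It assumes the stack trace arrives as an XML element in the response body and the Servlet 2.5/3.0 API; on Servlet 3.1 and later the inner ServletOutputStream also has to implement isReady() and setWriteListener().

```java
import java.io.*;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;

public class ExceptionHandler implements Filter {
    // Element named in the question; DOTALL because a trace spans many lines.
    private static final Pattern TRACE = Pattern.compile(
        "<bea_fault:stacktrace\\b[^>]*>.*?</bea_fault:stacktrace>", Pattern.DOTALL);

    // Removes every stack-trace element and leaves the rest of the fault intact.
    static String scrub(String body) {
        return TRACE.matcher(body).replaceAll("");
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        HttpServletResponse http = (HttpServletResponse) res;
        HttpServletResponseWrapper wrapped = new HttpServletResponseWrapper(http) {
            private PrintWriter writer;
            @Override public ServletOutputStream getOutputStream() {
                return new ServletOutputStream() {   // Servlet 2.5/3.0 shape (assumed)
                    @Override public void write(int b) { buf.write(b); }
                };
            }
            @Override public PrintWriter getWriter() throws IOException {
                if (writer == null) {
                    writer = new PrintWriter(new OutputStreamWriter(buf, getCharacterEncoding()));
                }
                return writer;
            }
            // The length changes after scrubbing, so ignore the one set downstream.
            @Override public void setContentLength(int len) {}
            // Keep the real response uncommitted until the body has been rewritten.
            @Override public void flushBuffer() {}
        };
        chain.doFilter(req, wrapped);
        wrapped.getWriter().flush();   // push any buffered characters into buf
        // ISO-8859-1 maps bytes 1:1, so the ASCII tags match without re-encoding the body.
        String body = new String(buf.toByteArray(), "ISO-8859-1");
        byte[] out = scrub(body).getBytes("ISO-8859-1");
        http.setContentLength(out.length);
        http.getOutputStream().write(out);
    }
}
```

The filter holds each response in memory, so map it to the web-service URL patterns rather than to every request.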

Related

How can I use Tuckey URL Rewrite with ADF Essentials?

Developed on ADF 11.1.2.4 (JSF2.0 -GF 3.1.2)
Expecting to implement urlrewrite for pretty urls.
Added into web.xml:
<filter>
  <filter-name>UrlRewriteFilter</filter-name>
  <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
  <init-param>
    <param-name>logLevel</param-name>
    <param-value>WARN</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>UrlRewriteFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>FORWARD</dispatcher>
</filter-mapping>
created urlrewrite.xml such as
<rule>
  <from casesensitive="false">myTest</from>
  <use-context>true</use-context>
  <to>/faces/admin/admin.jspx</to>
</rule>
admin.jspx contains TF.
When I deploy the project and request hostname:9999/mytest, it redirects to the right page (hostname:9999/faces/admin/admin.jspx) and the page renders without problems. But my actual goal was to never show the real URL. But I can see the real URL in the browser, such as: (...jspx?_adf.ctrl-state=4avl71cil_1). So, what am I missing? By the way, when I type the masked URL, it redirects to my real page, so it works well. But the real URL appears in the browser address bar. If I only use HTML pages outside the 'faces' context, then urlrewrite works fully as expected.
Thx, brgds
As you have the Tuckey URL Rewriting filter, ADF comes with its JSF View Handler, and before ADF 12.1.x you won't be able to forward URLs unless you are using Apache Server Rewrites or Oracle HTTP Server, as the ADF internal filter will look for _adf.ctrl-state and if it's not found it'll append it to the URL, which will show the actual URL of the page.
You can try to hack those _adf.ctrl-state by extending ServletRequest and when asked about _adf.ctrl-state to provide the last value saved in session, but I assure you it'll be very harmful for the application.

mixing user session data in jboss

If someone can help with JBoss returning data from the wrong user. Our setup is JBoss 7.1.1 with Vaadin 7.1.6 and Shiro.
Our current problem is that when multiple users use our Vaadin application, it frequently returns data from other users to another currently logged-in user, i.e. it is mixing users' data. We have tried reinstalling the PC, changing browsers, disabling caching..., nothing helped. We added the CDI UI addon from Vaadin but it doesn't help.
Our previous issue with a similar problem:
Shiro returning wrong user data
We resolved some other authentication problems by disabling push, but this problem still persists.
Any help appreciated.
I have the same problem, but when I got to this page my web.xml was already set up.
I'm using JBoss AS 7.1.1, JSF 2 and Shiro. A user receives data from another sessionScope ManagedBean after an ajax call.
Any help appreciated.
If anyone else has the same issue, this is what you need to add to your web.xml:
<listener>
  <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
...
<filter>
  <filter-name>ShiroFilter</filter-name>
  <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>ShiroFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  <dispatcher>ERROR</dispatcher>
</filter-mapping>

Spring security and special characters

I need to log in with j_spring_security_check using special characters in the username and/or in the password via url
http://localhost:8080/appname/j_spring_security_check?j_username=username&j_password=üüü
isn't working and
http://localhost:8080/appname/j_spring_security_check?j_username=username&j_password=%c3%bc%c3%bc%c3%bc
(with "üüü" urlencoded)
isn't working either
Any suggestion? Let me know if you need to see any other configuration.
Thanks
The Java Servlet standard is lamentably poor at supporting Unicode. The default of ISO-8859-1 is useless and there is still no cross-container-compatible means of configuring it to something else.
The filter method in matteosilv's answer works for request bodies. For parameters in the URL, you have to use container-specific options. For example in Tomcat, set URIEncoding on the <Connector> in server.xml; in Glassfish it's <parameter-encoding> in glassfish-web.xml.
(If you have to work in a fully cross-container-compatible manner you end up having to write your own implementation of getParameter(), which is sad indeed. Bad Servlet.)
However in any case it is a bad idea to pass login form fields in GET URL parameters.
This is firstly because a login causes a state-change to occur, so it is not "idempotent". This makes GET an unsuitable method and causes a load of practical problems like potentially logging you in when you navigate a page, or failing to log you in due to caching, and so on.
Secondly there are a range of ways URLs can 'leak', including referrer tracking, logging, proxies and browser history retention. Consequently you should never put any sensitive data such as a password in a URL, including in GET form submissions.
I'd suggest using a POST form submission instead, together with the CharacterEncodingFilter.
Maybe an encodingFilter in the web.xml file could be helpful:
<filter>
  <filter-name>encodingFilter</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
  <init-param>
    <param-name>forceEncoding</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>encodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
source: Spring security: Form login special characters
The issue was actually solved for me by moving the CharacterEncodingFilter ABOVE the SpringSecurityFilterChain in web.xml.

openSessionInView implementation and LOCK

I am trying to develop an application using Spring 2.5.5 Flex/J2EE and Hibernate 3.1.3.
My problem is that when a user opens the "Customer Information" screen and then displays information of a client in change mode, I want the record to be locked (pessimistic or optimistic lock) as appropriate. And registration remains locked until the user validates the change (commit ()) or closes the screen.
They talk on the net about long conversation (Hibernate), and openSessionInView pattern. But I have not found a clear example.
The solution is to keep the Hibernate session open until the end of entry,
then make the commit or rollback.
I try to use the class: "org.springframework.orm.hibernate3.support.OpenSessionInViewInterceptor" but I did not succeed.
I do not know how to configure it with Spring.
I spent too much time and it becomes urgent ... Who can help me??
Thank you in advance.
OpenSessionInViewInterceptor has to be configured in your web.xml
Sample below:
<filter>
  <filter-name>openSessionInViewFilter</filter-name>
  <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
  <init-param>
    <param-name>sessionFactoryBeanName</param-name>
    <param-value>sessionFactory</param-value> <!-- This is the default value, in case you have given different name please specify the same. -->
  </init-param>
</filter>
Also check the documentation for subtle issues.

Special Characters in Request Parameter

I am developing services in spring and the services were deployed in JBOSS 7.1.0.
Sample code for request mapping:
@RequestMapping(value="/state", method=RequestMethod.GET)
public ResponseEntity<ListStatesResponseVO> getListOfStates(@RequestParam(required=false) Long id,
        @RequestParam(required=false) Long page,
        @RequestParam(required=false) Long pagesize);
My problem is when I pass special characters in request parameter, it’s returning me a valid xml response, but as per my understanding it should return “400 BAD REQUEST”.
Sample URI:
http://localhost:8080/location-services/location/api/state?id=$%^$^$#$%^$%
I also added
<property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
<property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/>
Inside JBOSS’s standalone.xml.
And also
<filter>
  <filter-name>encodingFilter</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
  <init-param>
    <!-- set forceEncoding to true if you want to override encoding of servlet -->
    <param-name>forceEncoding</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
Inside web.xml.
But these didn't solve the problem.
Is there any solution available for this?
Thanks in advance.
You should not allow your users to enter the values in the query string themselves. It's a bad practice and is very risky for your web application security. To avoid such attacks and restrict your users from url tampering you should implement HDIV framework in your application.
Once you implement that no one can mess with your urls. And if someone tries to do so then "bad request" errors will be shown to them.
Hope this helps you. Cheers.
