Developed on ADF 11.1.2.4 (JSF2.0 -GF 3.1.2)
Expecting to implement urlrewrite for pretty urls.
Added into web.xml:
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<init-param>
<param-name>logLevel</param-name>
<param-value>WARN</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
created urlrewrite.xml such as
<rule>
<from casesensitive="false">myTest</from>
<use-context>true</use-context>
<to>/faces/admin/admin.jspx</to>
</rule>
admin.jspx contains TF.
When i deploy project and request hostname:9999/mytest redirects right page(hostname:9999/faces/admin/admin.jspx) and page renders without problem. But my actual goal was that making supply to see never real url. But i can see the real url on browser such as:(...jspx?_adf.ctrl-state=4avl71cil_1) So, what am i missing? By the way; When i type the masked url, it redirects my real page, so it works good. But seems to be the real url on browser address bar. If i only use html pages out of 'faces' context, then urlrewrite works as fully expected.
Thx, brgds
As you have Tucky URL Rewriting filter, ADF comes with its JSF View Handler, and before ADF 12.1.x you won't be able to forward URLs unless you are using Apache Server Rewrites or Oracle HTTP Server, as the ADF internal filter will look for _adf.ctrl-state and if it's not found it'll append it to the URL which will show the actual URL of the page.
You can try to hack those _adf.ctrl-state by extending ServletRequest and when asked about _adf.ctrl-state to provide the last value saved in session, but I assure you it'll be very harmful for the application.
Related
I want to connect servlet using urlconnection in wicket-spring integration, but when i try to hit the url its redirecting to webapplication page, So can anyone tell me how to connect servlet methods by using filters or any other way, so that i can directly hit dopost or doget methods.
The question is not very clear, so I'll try to guess. I suppose that you have a Wicket filter that intercepts and handles all the requests. Also you have some servlet, and you want requests to that servlet to not be intercepted by Wicket filter.
If this is what you want, here is what you can do to achieve this.
Let's say you have Wicket filter mapped to / and the servlet mapped to /my-service. Then you could tell Wicket filter to ignore requests to /my-service url:
<filter>
<filter-name>wicket.filter</filter-name>
<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
<init-param>
<param-name>applicationClassName</param-name>
<param-value>... some application class name ...</param-value>
</init-param>
<init-param>
<param-name>ignorePaths</param-name>
<param-value>/my-service</param-value>
</init-param>
</filter>
If you want several paths to be ignored, you can separate them with commas like this:
<init-param>
<param-name>ignorePaths</param-name>
<param-value>/my-service,/my-other-service</param-value>
</init-param>
With this configuration, Wicket will ignore any requests under /my-service (that is, /my-service, /my-service/blabla and so on) and any request under /my-other-service.
I am learning Spring MVC .
To configure servlet mapping in web.xml.
Who can tell what's difference between them
<servlet-name>login</servlet-name>
<url-pattern>/login/</url-pattern>
<servlet-name>login</servlet-name>
<url-pattern>/login</url-pattern>
<servlet-name>login</servlet-name>
<url-pattern>/</url-pattern>
<servlet-name>login</servlet-name>
<url-pattern>/*</url-pattern>
<servlet-name>login</servlet-name>
<url-pattern>/*.do</url-pattern>
Maybe more...
It is really necessary for me to know ,so that a new servlet will not be Intercept by other ones.
<servlet-name>login</servlet-name>
<url-pattern>/login</url-pattern>
This is exact url pattern, this servlet will be invoked only if the url is like someThing.com/login
<servlet-name>login</servlet-name>
<url-pattern>/*</url-pattern>
This is directory url pattern. So /someString or /someOtherString or /some/someOther will invoke the same login servlet.
<servlet-name>login</servlet-name>
<url-pattern>/*.do</url-pattern>
This is extension url pattern. Anything that is suffixed as .do will map to this. e.g. /someUrl.do or /some/someOther.do will invoke the login servlet.
this looks rather strange,you have this
<servlet-name>login</servlet-name>
<url-pattern>/*</url-pattern>
and thats all you need, the rest of the mapping are supercilious. But calling your spring servlet login is a bit weird. Normally you would call it spring-servlet or similar, everything is then mapped to that servlet, and specific request mappings are handled by different controllers - you can use RequestMappign annoation on controller methods.
I need to log in with j_spring_security_check using special characters in the username and/or in the password via url
http://localhost:8080/appname/j_spring_security_check?j_username=username&j_password=üüü
isn't working and
http://localhost:8080/appname/j_spring_security_check?j_username=username&j_password=%c3%bc%c3%bc%c3%bc
(with "üüü" urlencoded)
isn't working either
Any suggestion? Let me know if you need to see any other configuration.
Thanks
The Java Servlet standard is lamentably poor at supporting Unicode. The default of ISO-8859-1 is useless and there is still no cross-container-compatible means of configuring it to something else.
The filter method in matteosilv's answer works for request bodies. For parameters in the URL, you have to use container-specific options. For example in Tomcat, set URIEncoding on the <Connector> in server.xml; in Glassfish it's <parameter-encoding> in glassfish-web.xml.
(If you have to work in a fully cross-container-compatible manner you end up having to write your own implementation of getParameter(), which is sad indeed. Bad Servlet.)
However in any case it is a bad idea to pass login form fields in GET URL parameters.
This is firstly because a login causes a state-change to occur, so it is not "idempotent". This makes GET an unsuitable method and causes a load of practical problems like potentially logging you in when you navigate a page, or failing to log you in due to caching, and so on.
Secondly there are a range of ways URLs can 'leak', including referrer tracking, logging, proxies and browser history retention. Consequently you should never put any sensitive data such as a password in a URL, including in GET form submissions.
I'd suggest using a POST form submission instead, together with the CharacterEncodingFilter.
Maybe an encodingFilter in the web.xml file could be helpful:
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
source: Spring security: Form login special characters
The issue was actually solved for me by moving the CharacterEncodingFilter ABOVE the SpringSecurityFilterChain in web.xml.
I am developing services in spring and the services were deployed in JBOSS 7.1.0.
Sample code for request mapping:
#RequestMapping(value=/state, method=RequestMethod.GET)
public ResponseEntity<ListStatesResponseVO> getListOfStates(#RequestParam(required=false) Long id,
#RequestParam(required=false) Long page,
#RequestParam(required=false) Long pagesize);
My problem is when I pass special characters in request parameter, it’s returning me a valid xml response, but as per my understanding it should return “400 BAD REQUEST”.
Sample URI:
http://localhost:8080/location-services/location/api/state?id=$%^$^$#$%^$%
I also added
<property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
<property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/>
Inside JBOSS’s standalone.xml.
And also
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<!-- set forceEncoding to true if you want to override encoding of servlet -->
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
Inside web.xml.
But these doesn’t solved the problem.
Is there any solution available for this.
Thanks in advance.
You should not allow your users to enter the values in the query string themselves. It's a bad practice and is very risky for your web application security. To avoid such attacks and restrict your users from url tampering you should implement HDIV framework in your application.
Once you implement that no one can mess with your urls. And if someone tries to do so then "bad request" errors will be shown to them.
Hope this helps you. Cheers.
I'd like to know if there is a way to provide login support fora all web application content. I mean when user tries to access some site (also static content - html), and he isn't logged or session expires he should be redirected to login site.
Html filter in web.xml for logging is almost what I need, but I also need authentication of html pages.
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>example.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This doesn't work with html pages, only servlet requests.
This should be generic mechanism, not like i.e. writing in every servlet session checking.
Thanks for all resopnes.
There are standard web.xml configuration options for defining this.
You shouldn't have to define a custom filter.
See http://download.oracle.com/docs/cd/B31017_01/web.1013/b28967/adding_security003.htm
If your application contains pages that require a user to be authenticated against a data store in order to be accessed, you must declare the following in the web.xml configuration file:
<security-role> defines valid roles in the security context.
<login-config> defines the protocol for authentication, for example form-based or HTTPS.
<security-constraint> defines the resources specified by URL patterns and HTTP methods that can be accessed only by authorized users or roles.
<servlet> defines the servlet that provides authentication.
<servlet-mapping> maps the servlet to a URL pattern.
defines the filter used to transform the content of the authentication request.
<filter-mapping> maps the filter to the file extensions used by the application. For details about the ADF binding filter, see Configuring the ADF Binding Filter.