Restrict URL tampering in Spring Framework 3.1 - spring

I am building an application using Spring Framework 3.1
I am having my controllers mapped with url containing path variables that stands for some id.
But I don't want the user to tamper with the url and change the path variable value manually.
I want to restrict them from doing so.
I have already tried using the ShallowEtagHeaderFilter. But its not working the way it suppose to.
I don't know whether I missed any configuration for the filter or its not working at all.
here is my web.xml where I have configured the dispatcher servlet and filter.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>eTagFilter</filter-name>
<filter-class>com.abc.config.EtagFilter</filter-class>
</filter>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>eTagFilter</filter-name>
<servlet-name>dispatcher</servlet-name>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
Please help me with this.
Thanks in advance.

I don't understand how ShallowEtagHeaderFilter fits into this picture, I think you misunderstood its functionality. It's supposed to reduce network traffic by taking pages from the browser cache. That's a totally different scenario from yours.
Basically: if you don't want users to tamper with URLs, you will need to have a way to verify that the URL was created by your application, usually a checksum parameter of some sort with an algorithm that's not easy to guess.
e.g. /site/12/user/12345/aB where aB is calculated based on /site/12/user/12345. Now if the user changes the URL to /site/13/user/12345/aB the checksum is wrong and you can send a 404 or a 400 or whatever error you want to send.
I'd probably implement the checksum check as a Filter and write a utility method that creates URLs with checksum based on plain URLs (possibly you'll need a JSP tag as well)

Related

Spring MVC make a rest controller without suffix in URL. My other controllers need to have suffix

I am running a Spring Project which is a combination of Spring MVC and Spring boot. Its configuration has set all the controllers must need to use .html in the URL suffix. Now I need to connect with a third party that shared a predefined URL that I have to make where URL does not have any suffixes.
My system URL https://mysystem.com/api/urls.html
I need to have https://mysystem.com/thrid_party_string
I am facing trouble configuring. Both at the same time. how can I manage?
Note: I cannot change existing controllers since they are already in us for many services.
My web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>test</display-name>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>webapp.test</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContextService.xml</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<context-param>
<param-name>log4jExposeWebAppRoot</param-name>
<param-value>false</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- filter -->
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- filter-mapping -->
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>*.asx</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>*.m3u8</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>cors</filter-name>
<filter-class>some.com.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Standard Action Servlet Configuration -->
<servlet>
<servlet-name>spring-mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:mvc-dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<!-- Standard Action Servlet Mapping -->
<servlet-mapping>
<servlet-name>spring-mvc-dispatcher</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<error-page>
<error-code>404</error-code>
<location>/general_error.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/general_error_500.html</location>
</error-page>
</web-app>
By using spel(Spring expression language) you can set prefix for each controller
#Controller
#RequestMapping(path = "${apiPrefix}/users")
public class UserController {
}
Then, we simply specify the property value in our application.properties:
apiPrefix=/api
for more information you can see its
documentatihttps://www.baeldung.com/spring-boot-controllers-add-prefixon
Normally if you're the one providing the service, the caller needs to adjust to your URL patterns, not the other way around.
That said... it appears recent servlet specs can have more than one url-pattern. If the desired REST URLs don't have a common pattern of their own, like /api/xxx, you might have to bind the dispatcher to / and expect a lot of URLs that don't match the REST ones or *.html to just produce internal 404 errors

Spring OAuth2 resource classes not getting called

In reference to the below questions asked on StackOverflow, I have included a class
annotated with #Configuration, #EnableResourceServer and #EnableWebSecurity.
The code is building fine but the control is not going in this class which have been annotated the aforementioned way.
Do I need resource server with Spring Security OAuth2?
I checked that Security filters were disabled in my web.xml. Now, I have enabled them. Even though I am not getting the intended result when I hit my request, I think the initial issue is fixed.
That issue got solved but now I am facing another issue:
HTTP Status 500 - Failed to evaluate expression 'ROLE_USER'
root cause: org.springframework.expression.spel.SpelEvaluationException: EL1008E: Property or field 'ROLE_USER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>hk-pensions</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:META-INF/spring/*.xml</param-value>
</context-param>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Configuring jersey SpringServlet as a servlet throws "IllegalStateException: No Such servlet"

I am attempting to configure the Jersey SpringServlet in the web.xml for my Jetty 8 server on Jersey 1.x and when I configure it as a <servlet> I get the exception thrown:
java.lang.IllegalStateException: No Such servlet: null
at org.eclipse.jetty.servlet.ServletHandler.updateMappings(ServletHandler.java:1320)
at org.eclipse.jetty.servlet.ServletHandler.setFilterMappings(ServletHandler.java:1414)
at org.eclipse.jetty.servlet.ServletHandler.addServletMapping(ServletHandler.java:896)
Sorry for the short stack trace, I can't copy/paste.
Here is my web.xml
<!?xml version="1.0" encoding="UTF-8" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_3_0.xsd"
version="3.0">
<display-name>tpm</display-name>
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>prod</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/tpm-ui-context.xml</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan.providers</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan.resources</param-name>
<param-value>false</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoadListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
<filter-name>securityCheckFilter</filter-name>
<filter-class>tpm.ui.filter.SecurityCheckFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>cacheControlFilter</filter-name>
<filter-class>tpm.core.rest.filter.ControlFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<!-- HERE'S THE PROBLEM, WHEN DECLARED AS A FILTER THE APPLICATION WORKS! -->
<servlet>
<servlet-name>jersey</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>tpm.ui.resources</param-value>
</init-param>
<!-- WHEN DEFINED AS A FILTER THIS <init-param> IS UNCOMMENTED
<init-param>
<param-name>com.sun.jersey.config.property.WebPageContexRegex</param-name>
<param-value>/|/.*(jsp|txt|html|woff|ttf)|/(images|js|swf|css|font|styles|api|(WEB-INF/jsp)|favicon.ico)/.*</param-value>
-->
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<filter-mapping>
<filter-name>securityCheckFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cacheControlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>jersey</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
I need to get SpringServlet to work as a Servlet and not a Filter because I am adding another Servlet which is utilizing Comet to perform push services. If I keep SpringServlet as a Filter the request will never get to my new Servlet.
Note: Jetty 8 is EOL (End of Life), consider upgrading.
That stacktrace makes no sense.
java.lang.IllegalStateException: No Such servlet: null
at org.eclipse.jetty.servlet.ServletHandler.updateMappings(ServletHandler.java:1320)
at org.eclipse.jetty.servlet.ServletHandler.setFilterMappings(ServletHandler.java:1414)
at org.eclipse.jetty.servlet.ServletHandler.addServletMapping(ServletHandler.java:896)
It goes from addServletMapping -> setFilterMappings -> updateMappings
I can find no version of Jetty 8 that had that call path.
Which version of Jetty 8 are you using?
Even accounting for the fact that com.sun.jersey.spi.spring.container.servlet.SpringServlet implements all of the following interfaces ...
javax.servlet.Filter
javax.servlet.Servlet
javax.servlet.ServletConfig
If we make an assumption that jetty determines the type poorly, there is still no way that call stack would occur.
Went ahead and mocked up a quick test case with a class that implements all 3 of those interfaces and used it against Jetty 8.1.16.v20140903 distribution and it does not trigger that stacktrace.
Perhaps you need to enable full debug logging to see what was happening immediately before that IllegalStateException occurred. (its quite likely not the SpringServlet init that caused it)
If you have a larger (and more accurate) stacktrace, that might help too.

Tomcat started but application is not running

I created a spring application and deployed it in tomcat server (Tomcat v5.5 Server). I checked in tomcat manager and found my application is listed.But while i try to run my application,i am getting a page showing
**This program cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.
What you can try:
Check your Internet connection. Try visiting another website to make sure you are connected.
Retype the address.**
I don't know where i am missing out.Please help me in sorting out this issue.
My web.xml file as follows
<?xml version="1.0"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<context-param>
<description>Log4j configuration file used by spring to initialize logging</description>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:pricingLog4j.properties</param-value>
</context-param>
<context-param>
<description>By default myfaces serializes the current view and saves it in session after view is rendered.
In Pricing UI, values on the Page tags are bound to UIComponents on backing bean using "binding" attribute. Most of the components are created
in the backing bean. When myfces serializes, it serializes the wrapped object under UIComponents, i.e HtmlDataTabl's value attribute, which are in Pricing UI case
business objects which have a big graphs attached to it and you start getting "serialization" error
Keep this pram-value to false to avoid serialization.</description>
<param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Comma separated list of URIs of (additional) faces config
files. (e.g. /WEB-INF/my-config.xml) See JSF 1.0 PRD2,
10.3.2.
DONOT ADD DEFAULT faces-config.xml HERE. IT IS AUTOMATICALLY LOADED BY FACES. IF GIVEN HERE, IT WILL BE LOADED TWICE</description>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-navigation.xml</param-value>
</context-param>
<context-param>
<param-name>facelets.LIBRARIES</param-name>
<param-value>
/WEB-INF/taglib/tomahawk-taglib.xml;
/WEB-INF/taglib/tomahawk-sandbox-taglib.xml;
/WEB-INF/taglib/jcp-pricing-ui-taglib.xml;
/WEB-INF/taglib/acegijsf-taglib.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/config/pricingEngineContext-caching.xml
classpath:/config/pricingEngineContext-messaging.xml
classpath:/config/pricingEngineContext-service.xml
classpath:/config/pricingEngineContext.xml
classpath:/config/pricingWebApplicationContext.xml
classpath:/config/securityContext.xml</param-value>
</context-param>
<context-param>
<description>State saving method: "client" or "server" (= default) See
JSF Specification 2.5.2</description>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<description>This parameter tells MyFaces if javascript code should be
allowed in the rendered HTML output. If javascript is
allowed, command_link anchors will have javascript code that
submits the corresponding form. If javascript is not
allowed, the state saving info and nested parameters will be
added as url parameters. Default: "true"</description>
<param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>If true, rendered HTML code will be formatted, so that it is
"human readable". i.e. additional line separators and
whitespace will be written, that do not influence the HTML
code. Default: "true"</description>
<param-name>org.apache.myfaces.PRETTY_HTML</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>If true, a javascript function will be rendered that is able
to restore the former vertical scroll on every request.
Convenient feature if you have pages with long lists and you
do not want the browser page to always jump to the top if
you trigger a link or button action that stays on the same
page. Default: "false"</description>
<param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
<param-value>true</param-value>
</context-param>
<!-- Special Debug Output for Development -->
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>facelets.REFRESH_PERIOD</param-name>
<param-value>2</param-value>
</context-param>
<context-param>
<param-name>org.ajax4jsf.SKIN</param-name>
<param-value>DEFAULT</param-value>
</context-param>
<filter>
<filter-name>Acegi Channel Processing Filter</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
</init-param>
</filter>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<!-- Spring Open Session In View Pattern filter -->
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<!-- Extensions Filter -->
<filter>
<description>Set the size limit for uploaded files. Format: 10 - 10 bytes
10k - 10 KB 10m - 10 MB 1g - 1 GB</description>
<filter-name>extensionsFilter</filter-name>
<filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class>
<init-param>
<param-name>uploadMaxFileSize</param-name>
<param-value>100m</param-value>
</init-param>
<init-param>
<description>Set the threshold size - files below this limit are
stored in memory, files above this limit are stored on
disk.
Format: 10 - 10 bytes 10k - 10 KB 10m - 10 MB 1g - 1 GB</description>
<param-name>uploadThresholdSize</param-name>
<param-value>100k</param-value>
</init-param>
<init-param>
<description>Set the path where the intermediary files will be
stored.</description>
<param-name>uploadRepositoryPath</param-name>
<param-value>/tmp</param-value>
</init-param>
</filter>
<filter>
<filter-name>orchestraFilter</filter-name>
<filter-class>org.apache.myfaces.orchestra.conversation.jsf.filter.OrchestraServletFilter</filter-class>
</filter>
<filter>
<filter-name>promotionFilter</filter-name>
<filter-class>com.jcpenney.web.servlet.PromotionFilter</filter-class>
</filter>
<filter>
<display-name>Ajax4jsf Filter</display-name>
<filter-name>ajax4jsf</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>Acegi Channel Processing Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>orchestraFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<!-- Spring/Hibernate filter mappings -->
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>*.remoting</url-pattern>
</filter-mapping>
<!-- Filter Mappings necessary to run myfaces -->
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>promotionFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ajax4jsf</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Myfaces JSF Listener, that does all the startup work (configuration, init). -->
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.apache.myfaces.orchestra.conversation.servlet.ConversationManagerSessionListener</listener-class>
</listener>
<listener>
<listener-class>com.jcpenney.pricing.web.listeners.SessionLoggingListener</listener-class>
</listener>
<listener>
<listener-class>com.jcpenney.pricing.audit.LogoutLogger</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- This servlet is needed to workaround a websphere bug (http://issues.apache.org/jira/browse/TOMAHAWK-663)
Another workaround is on Websphere set com.ibm.ws.webcontainer.invokefilterscompatibility=true as container
property, but that is one more step for server configuration team
-->
<servlet>
<servlet-name>Tomahawk-663 Websphere Workaround Servlet</servlet-name>
<servlet-class>com.jcpenney.web.Tomahawk663Servlet</servlet-class>
</servlet>
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
<!-- Mapping for MyFaces components -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<!-- This mapping is needed to back the MyFaces Extention Filter to workaround a websphere bug -->
<servlet-mapping>
<servlet-name>Tomahawk-663 Websphere Workaround Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<!-- pricingUi Monitoring Simple Spring Servlet-->
<servlet>
<servlet-name>pricingUi-monitoring</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>pricingUi-monitoring</servlet-name>
<url-pattern>/ping</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pricingUi-monitoring</servlet-name>
<url-pattern>/services/ping</url-pattern>
</servlet-mapping>
<!-- Spring Message Dispatcher Servlet for WebServices Call -->
<servlet>
<servlet-name>pricingEngine</servlet-name>
<servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
<init-param>
<param-name>transformWsdlLocations</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/pricingEngineContext-webservice.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>sale-price-upload</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>sale-price-upload</servlet-name>
<url-pattern>/services/salePriceFileUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pricingEngine</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pricingEngine</servlet-name>
<url-pattern>*.wsdl</url-pattern>
</servlet-mapping>
<!-- Session Configuration -->
<session-config>
<!-- the time until the session expires in min (60min)-->
<session-timeout>60</session-timeout>
</session-config>
<!-- Welcome files -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
I cannot see the exact log messages that is generated for this Error here in the question. Not enough information.
It is also not mentioned how you are building your application and whether the application build is successful or not. I assuming the build is successful.
For a workaround suggestion, if you are using pom.xml in your application and maven to build, can you please check the <source> and <target> of your application?
<source>1.8</source>
<target>1.8</target>
If the java version that is mentioned in your pom is mis-matched with your system's java version, the error may appear. That is, your server may startup but your application maynot.
Also you can check your system's java version by using below commands like:
java -version
javac -version
Both the versions should be matched. If you see any difference, change the necessary and rebuild your application and restart the server.

RESTEasy Asynchronous HTTP with Spring MVC

Is there any handy way to use RESTEasy Asynchronous HTTP support (in my case on Tomcat 6) in conjunction with the Spring MVC framework. I've found useful articles on using RESTEasy with Spring, but none that cover asynchronous support, which appears to be a bit of a thorn at present, due to requring a different Servlet class depending on the container (Tomcat6CometDispatcherServlet for Tomcat, for example).
Thanks,
FB
I have created a sample app using Comet, Bayeux, Java, Maven and a Raphael JS frontend and wrote a blog post about it, you can use it as a base for your app, just wrapping the current service code in REST.
http://geeks.aretotally.in/thinking-in-reverse-not-taking-orders-from-yo
Hopefully it will help you.
For anybody interested, I ended up having to use the Tomcat6CometDispatcherServlet in preference to the Spring DispatcherServlet to get my application working.
I still have the Spring ContextLoaderListener in place to create the various beans within my Application Context, but have to use less than ideal means of accessing these from within my Controller classes, which are now JAX-RS annotated rather than Spring MVC annotated. (There are various articles a quick Google will uncover on accessing the Spring context programmatically.)
Here's a cleaned up version of my web.xml (nothing earth-shattering, but perhaps it will have some useful hints for somebody!):
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>myapp</display-name>
<description>My App</description>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>myapp.root</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>TrustedIPFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>TrustedIPFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>PollServlet</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.Tomcat6CometDispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>PollServlet</servlet-name>
<url-pattern>/poll/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/WEB-INF/jsp/uncaughtException.jsp</location>
</error-page>
</web-app>

Resources