I am using jQuery AJAX to submit a form to a Spring MVC controller in the backed. I am setting encoding on top of the jsp. In my request headers in Firebug I see -
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Content-Type application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With XMLHttpRequest
However in my Spring MVC controller all the form values entered in Cyrillic turn into junk. And a twist to this is that this works fine in Safari but not in IE/FF/Chrome.
Any thoughts as to how I can set the correct encoding and prevent junk chars from getting submitted?
I found the solution to this problem. I had set the encoding on top of each jsp page. Yet it was not working. So I added a spring character encoding filter in the web.xml. This will ensure that the encoding is correctly in the request.
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Related
I have a webApp that is suppose to display unicode characters, which is not working with the default tomcat settings. The unicode characters are displayed as "??????". After looking into it I found a solution where adding an encodingFilter to web.xml fixes the problem.
But it creates another problem where the default tomcat landing page "localhost:8080" and all other services like "localhost:8080/manager" fail to resolve. I get a HTTP Status 404 – Not Found. Although by webapp is working properly "localhost:8080/myWebapp/servletName", URL with my webapp is resolved properly and the unicode characters are also displayed properly.
The filter that I added to web.xml is as follows
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I am pretty new to this so there must some very basic things that I don't understand. But any pointers would help.
I have done my RESTful Webservice along with the same project that implements Admin panel application. The problem i face is that the POST request comes to the application gets converted to GET.
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
When the filter got commented everything works as normal.
Other GET requests are having no problem in both case when filter is present or not.
error i get is
HTTP Status 405 - Request method 'POST' not supported
How can i override Spring security filter for my Web service ?
solved
Just un-comment any resource if you don't want authentication to be done on them
# spring security.xml file add the following.
<http pattern="/webservice/**" security="none"/>
I'm using the Liferay Portal 6.1.1 CE GA2.
After hours of research I got the following things to work:
Import from a LDAP-Server and custom mapping of an attribute to an usergroup.
Redirect to a specific page after login (based on the usergroup).
Authentication via CAS. This means getting a ServiceTicket and logging in the corresponding user.
Now I'm trying to obtain ProxyTickets so I can proxy to other applications behind the same CAS-Server.
I'm not really getting any error, but Mozilla gives me a redirection error, e.g. the page is redirected in such a way that it can never be loaded.
I googled a lot and tried different approaches but nothing helped.
My web.xml is configured as follows (I snipped out urls. If they're important I can hand them in later):
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>* snip */cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>* snip *</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>* snip */cas/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>* snip *</param-value>
</init-param>
<init-param>
<param-name>proxyCallbackUrl</param-name>
<param-value>https://* snip */pgtCallback</param-value>
</init-param>
<init-param>
<param-name>proxyReceptorUrl</param-name>
<param-value>/pgtCallback</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/c/portal/login</url-pattern>
</filter-mapping>
I tried various combinations of the filter-mappings but nothing helped.
The output of the console in Eclipse hints that multiple consecutive requests are done. Each gets me a TGT, PGTIOU and PGT but after the ST is validated a new validation request is fired. This goes until Mozilla ends the redirect loop.
I also tried specifying service instead of serverName but all remains the same.
Setting the param redirectAfterValidation to false but then I get a MalformedURLException.
Hopefully I didn't forget any information, please help me.
Thanks in advance.
We're migrating from JBOSS 4.x to 5.1, and having problems with the character encodings.
Certain characters in the extended ASCII range were O.K. under the previous JBoss version, but with the new JBoss they cause problems (e.g., incomplete http responses).
The solution seems to be to use UTF-8, but the only way I've found to cause JBoss to send charset=UTF-8 in the Content-Type header is to specify this in the page directive of every JSP page. Otherwise the charset in the http response is specified as ISO-8859-1. I'd like to find a global solution to set the charset to UTF-8.
I've seen several other questions about character encoding with JBoss, but none seem to address the encoding of http responses.
I have tried without success:
in jboss/bin/run.bat, setting set "JAVA_OPTS=-Dfile.encoding=utf-8 %JAVA_OPTS%"
in jboss/server//deploy/jbossweb.sar/server.xml setting
I have used spring encoding filter to set the encoding:
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If you dont use spring, you will need a servlet filter that sets the encoding.
I have single sign on working beautifully, but single sign-out is not working.
The scenario is like this:
Open webapp1 and get redirected to CAS login page
Enter details and login
Open webapp2 which also uses CAS. Automatically logs in, as the user already signed in.
Log out of webapp1
Try to open webapp1 or webapp2 (in another tab) redirects you back to the login page.
However, the session to webapp2 in step 3 is not closed and the user can still use the application without any problems. How do I automatically invalidate the session when the user signs out?
The log off button for both applications first call session.invalidate() and then redirects to https://localhost:8443/cas/logout
The single sign out filter is the first filter in the web.xml file. I also have the SingleSignOutHttpSessionListener in web.xml.
Following is the extract from my web.xml
<!-- CAS settings -->
<!-- Use filter init-param if your container does not support context params.
CAS Authentication Filter and CAS Validation Filter need a serverName init-param
in lieu of a context-param definition. -->
<context-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</context-param>
<!-- Facilitates CAS single sign-out -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!--
CAS client filters
Single sign-out filter MUST come first since it needs to be evaluated
before other filters.
-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<!--
IMPORTANT:
Use Saml11AuthenticationFilter for version 3.1.12 and later.
Use org.jasig.cas.client.authentication.AuthenticationFilter for previous
versions.
-->
<filter-class>
org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>service</param-name>
<param-value>https://localhost:8443/JAdaptiv/default.action</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Leniency of time checking in ms when validating SAML assertions. Consider
setting this parameter more liberally if you anticipate system clock drift
on your application servers relative to the CAS server. The default is 1000
(1s) and at least one person had problems with drift at that small a tolerance
value. A good approach is to start low and then increase by 1000 as needed
until problems stop. Note that increasing this value may have negative security
implications. Consider fixing clock drift problems as an alternative. -->
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I also had another issue with standard CAS protocol, where single sign-out worked on an integration server but not from localhost.
Scenario
log into both http://my-app-dev/app and http://localhost:8080/app with CAS on http://my-cas/cas
log out of CAS http://my-cas/cas/logout
http://my-app-dev/app now bounces me to CAS
http://localhost:8080 - still logged in!
I suspect the reason is the CAS server couldn't send a sign-out message to localhost:8080 because localhost is resolved in the CAS server's context, so it doesn't actually talk to my local dev environment.
If you're using SAML 1.1 protocol be sure that you included the artifactParameterName parameter
https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>artifactParameterName</param-name>
<param-value>SAMLart</param-value>
</init-param>
</filter>
I had the same problem. We had a java and a php client. When I went to http://mycasserver/logout only the java client logged out.
For the single sign out to work in the php client, you have to change:
phpCAS::handleLogoutRequests();
for
phpCAS::handleLogoutRequests(false);
And Voila!
Refer to the documentation at phpCAS examples
I've had basically the same configuration for my application before I switched to the spring configuration. I had a look on the SVN and basically the only difference to your config is the use of the Single Sign Out Listener
listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Could this work for you? Of course don't forget to add it on both WebApps if it works.
UPDATE:
I found the description of the listener in the docs, and it should do what's missing in your setting
You should verify that the CAS server can send a HTTP request to your webapp. Have a look in the logs of the CAS server.