This is my filter mapping in web.xml :-
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>login.LoginFilter</filter-class>
<init-param>
<param-name>test-param</param-name>
<param-value>This parameter is for testing.</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
my URL is like
"localhost:9966/RemindMe/"
When i paste this Url in browser doFilter method is calling many times.
This is my doFilter method :-
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
try {
HttpServletResponse response = (HttpServletResponse) res;
response.sendRedirect("./login.jsp");
return;
} catch (Exception e) {
System.out.println("Exception is " + e);
}
}
By "too many times" to you mean "infinite"?
Your filter redirects (the browser makes another request), which means your filter is hit, which means the browser makes another request, which means...
Related
I found that javax.servlet.http.HttpServletRequest.getRequestURL() behaves differently in 8.5.57 and 8.5.58. If I add a RemoteIpFilter setting to application's web.xml, the 8.5.57 getRequestURL returned https, while 8.5.58 returned http.
The environment is Azure WebApps.
The settings for web.xml are as follows.
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>protocolHeader</param-name>
<param-value>x-forwarded-proto</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
The same thing happened between 9.0.37 and 9.0.38.
I couldn't determine which content was affected by the change history, so please let me know.
Best regards.
2021/11/15 Added
I added the following logic to check.
response.setContentType("text/html");
PrintWriter out = response.getWriter();
Enumeration e = request.getHeaderNames();
while (e.hasMoreElements()) {
String name = (String)e.nextElement();
String value = request.getHeader(name);
out.println(name + " = " + value + "<br>");
}
The Key that the value was set to is as follows.
cache-control, connection, accept, accept-encoding, accept-language, cookie, host, max-forwards, user-agent, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, upgrade-insecure-requests, sec-fetch-site, sec-fetch-mode, sec-fetch-user, sec-fetch-dest, x-waws-unencoded-url, client-ip, x-arr-log-id, disguised-host, x-site-deployment-id, was-default-hostname, x-original-url, x-forwarded-for, x-arr-ssl, x-forwarded-proto, x-appservice-proto, x-forwarded-tlsversion
I have a question in setting tomcat.
I want to show common error page when error occurs.
this is my client security needs.
But, if I access www.mydomain.com/..%5c, my common error page not works.
they show "HTTP ERROR 400 message".
I want to redirect my common error page..
this is my web.xml config.
<error-page>
<error-code>400</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.html</location>
</error-page>
And I add CATALINA_OPTS.
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
this option works in www.mydomain.com/%5c
but not working www.mydomain.com/..%5c
How can I redirect common error page when access www.mydomain.com/..%5c
You can try this program.
I think you can configure your filter in web.xml. In the filter you can implement the logic to process your request encoding and special characters, then redirect to the error page.
Configuration
<filter>
<filter-name>name</filter-name>
<filter-class>demoClass</filter-class>
</filter>
<filter-mapping>
<filter-name>name</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Class to be implemented
public class demoClass implements Filter {
#Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("----init----");
}
#Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
//TODO code
}
#Override
public void destroy() {
System.out.println("----destory----");
}
}
My English is poor
I am using omnifaces extensionless URLS in my web application.
My web.xml is as below
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
<param-value>/*.xhtml</param-value>
</context-param>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Login.xhtml</welcome-file>
</welcome-file-list>
</web-app>
My filter clas is as below
#WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" })
public class AuthenticationFilter implements Filter {
#Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
try {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession ses = req.getSession(false);
String reqURI = req.getRequestURI();
System.out.println(reqURI);
if (reqURI.indexOf("/Login") >= 0
|| (ses != null && ses.getAttribute("user") != null)
|| (reqURI.indexOf("/ForgotPassword") >=0)
|| reqURI.contains("javax.faces.resource")) {
if ((reqURI.indexOf("/Login") >= 0 || (reqURI.indexOf("/ForgotPassword") >=0))
&& (ses != null && ses.getAttribute("user") != null)) {
System.out.println("Invalidating session");
ses.invalidate();
}
chain.doFilter(request, response);
} else {
res.sendRedirect(req.getContextPath() + "/Login");
}
} catch (Throwable t) {
System.out.println(t.getMessage());
}
} // doFilter
}
My requirement is that, if the user is logged in redirect him to all the pages except the Login and ForgotPassword pages. When the user is logged in and tries to access either of those pages, log him out and send him to the requested page. If the user is not logged in, all requests to Login and ForgotPassword pages should be allowed and access to any other page should redirect him to Login page.
The problem I am facing is that with the extensionless URLs, I can access a page with or without the .xhtml file extensions. The filter is invoked only when I access it using the extension. Without the extension, the filter is bypassed.
I am not sure what URL pattern to provide in the filter class to get it to process every request.
Kindly help.
Either, listen on all URLs:
#WebFilter(urlPatterns = "/*")
or, attach it to the FacesServlet:
#WebFilter(servletNames = "Faces Servlet")
(note that this way the filter thus doesn't run when the URL doesn't hit the FacesServlet)
I have a Jersey 2.x servlet running under Glassfish 4.0. There is a method that processes a form submission:
#POST
#Consumes(MediaType.APPLICATION_FORM_URLENCODED)
#Path("/{serial}")
public Response saveUnit(....) { ... }
I get the message "A servlet request to the ... contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters."
However, I don't have any filters defined. Other than whatever Glassfish and Jersey do by default.
I do however have a listener defined (which I had forgotten about).
I suspect this is why my attempt to use MultivaluedMap isn't working.
Any ideas what is consuming the request?
Here is the Jersey method:
#POST
#Consumes(MediaType.APPLICATION_FORM_URLENCODED)
#Path("/{unitid}")
public Response saveUnit(#PathParam("unitid")int unitId, #Context UriInfo uri) {
MultivaluedMap<String, String> queryParams = uri.getQueryParameters();
for (String k:queryParams.keySet()) {
logger.info(k);
}
return Response.ok().build();
}
The map queryParams is empty.
Here is my web.xml.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<servlet>
<servlet-name>mycompany.ApplicationConfig</servlet-name>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>mypackage</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>mycompany.ApplicationConfig</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<listener>
<listener-class>mycompany.ServletContextClass</listener-class>
</listener>
</web-app>
To get to the received form parameters in your resource method change the signature of the method to:
public Response saveUnit(#PathParam("unitid") int unitId,
final javax.ws.rs.core.Form form) {
...
}
or
public Response saveUnit(#PathParam("unitid") int unitId,
final MultivaluedMap<String, String> formData) {
...
}
Jersey will fill the values.
With your approach you're asking Jersey to return a map of query params (which are part of URI and assuming from the question you want Form params).
I have a web application running on:
Wildfly Beta 1
JSF Mojarra 2.2.3 (from Wildfly)
Primefaces 4.0
rewrite-servlet-2.0.7.Final / rewrite-config-prettyfaces-2.0.7.Final
commons-io-2.4 / commons-fileupload-1.3
And I have problem with file upload component (advanced and simple mode doesn't work, never print inside upload()).
Same is even run without rewrite-servlet-2.0.7.Final/rewrite-config-prettyfaces-2.0.7.Final libs.
My upload.xhtml file:
<h:form prependId="false" id="formLateralUpload" enctype="multipart/form-data">
<h:panelGrid columns="1" cellpadding="5">
<p:fileUpload mode="advanced" multiple="true" update="#widgetVar(msg)"
fileUploadListener="#{test.upload}" auto="true" sizeLimit="10500000"/>
</h:panelGrid>
</h:form>
My bean:
#ManagedBean(name = "test")
#ViewScoped
public class Test {
private UploadedFile file;
public UploadedFile getFile() {
return file;
}
public void setFile(UploadedFile file) {
this.file = file;
}
public void upload(FileUploadEvent event) {
System.out.println("inside upload()");
}
}
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="test"
version="3.1">
<display-name>test</display-name>
<welcome-file-list>
<welcome-file>/</welcome-file>
</welcome-file-list>
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>true</param-value>
</context-param>
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/redirect</location>
</error-page>
</web-app>
I have the same issue with Wildfly 8.1, PrimeFaces 5.1, Pretty faces and file upload. There is a HACK to make this work in Tomcat, but I can't find one in undertow. PrettyFaces appears to be doing something bad to multipart post requests that prevents them from working correctly... They seem to be pushing it back to Undertow/Wildfly because the hack exists in Tomcat instead of fixing the actual issue.
Wildfly Discussion: http://ocpsoft.org/support/topic/pretty-primefaces-fileupload/
Tomcat Hack: http://ocpsoft.org/support/topic/split-prettyfaces-anchor-with-primefaces-file-upload-not-working/
I'm road blocked on this and I can't really extract either PrettyFaces, PrimeFaces-Fileupload (I need background ajax/html5 uploading) or Wildfly... Anyone with a suggestion other than "use an iframe/simple mode" would be much appreciated.