I can't get ssi to work on Tomcat 5.5.27.
using standard ssi configuration and getting this in log
SEVERE: #include--Couldn't include file: /file/hi.html
java.io.IOException: Couldn't get context for path: /file/hi.html
I don't know what is the context.
Thanks for help
configuration
<servlet>
<servlet-name>ssi</servlet-name>
<servlet-class>
org.apache.catalina.ssi.SSIServlet
</servlet-class>
<init-param>
<param-name>buffered</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>expires</param-name>
<param-value>666</param-value>
</init-param>
<init-param>
<param-name>inputEncoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>outputEncoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>isVirtualWebappRelative</param-name>
<param-value>0</param-value>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
First of all, Tomcat 5.5 has not been supported by the ASF since 30 September 2012. You really need to upgrade. Further 5.5.27 was released in 2008 and there have been a lot of bug fixes and security fixes since then. More good reasons to upgrade.
With the minimal information you have provided (no details on how your app is deployed, no snippet showing the source that triggers this error) it looks like you are trying to do includes relative to the root of the web application without configuring the SSI servlet for that. Setting isVirtualWebappRelative to 1 should do the trick.
Related
I have a problem with Apache-Tomcat Servlet-mapping through url-pattern.
It has been working just fine till last year.
Very recently I tried to login and all of sudden 404 Not Found error showed up.
I still see all other pages fine. I don't know what has changed on server-side because I am borrowing a linux-server from vultr.
Since I haven't touched anything in my coding and everything looks fine to me, I have no clue.
It seems easy to solve for experts. Can anyone help me with this?
- Error Message
Not Found
The requested URL /login.do was not found on this server.
Apache/2.4.12 (Ubuntu) Server at xx.xx.xx.xx Port 80
Here xx is the ip address of my server
- tomcat/conf/server.xml
...
<Context path="" docBase="/.../tomcat/webapps/.../WebContent" reloadable="true"></Context>
...
- tomcat/conf/web.xml
...
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
...
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
...
- myapp/WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>myapp</display-name>
...
<servlet>
<servlet-name>URIController</servlet-name>
<servlet-class>myapp.mvc.control.URIController</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>
/WEB-INF/commandHandler.properties
</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>URIController</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
...
- myapp/WEB-INF/commandHandler.properties
/login.do=myapp.mvc.command.Login
When I try to login, it says "The requested URL /login.do was not found on this server."
It has been working fine like this: when hitting "login" button, it passes the content in commandHandler.properties to the control class (myapp.mvc.control.URIController) and this class get the name of the login class (myapp.mvc.command.Login) in order to dispatch the request to the login class.
If this problem has something to do with Apache, I have no idea (no idea even what to show here) because it was done by a paid expert like 5 years ago.
Thanks a lot in advance !!
That is an httpd error message, not an Apache Tomcat one. It looks like something (can't tell what from the information provided) has broken the reverse proxy from httpd to Tomcat. You need to talk to whoever set up the reverse proxy for you.
I'm fairly new with Apache and Tomcat, so try to explain me the better you know :P I'm only working in local.
I have one application that needs Tomcat to execute Servlets, so I can type:
http://localhost:8080/rrcapp/xservlet?consult=list01
That works. I also have my webpage running with Apache 2.4, so I can type:
http://localhost:80/websrv/index.htm
That works too. The problem comes when in my index.htm serving in Apache, make a call in an Iframe with Chrome, to that Servlet, getting the error:
Refused to display ...in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I've read about setting in my httpd.conf to unset x-frame-options or setting with ALLOW-FROM but it seems just doesn't work with Chrome.
Then, I've read about CSP policies, but I cannot figure out how to set this kind of policy in mi httpd.conf so I can run servlets inside the iframe, inside my Apache server.
Can anyone help me with this?
Regards :)
EDIT 1:
Thanks Eddie James Carswell II I understood the error came from the Tomcat. I've read the document he showed me, and tried to configure my web.xml inside my /conf dir in Tomcat, this is the result:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>ALLOW-FROM</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>http://localhost:80/*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
I restarted the Tomcat server and tried again to load the Iframe and got another error:
Invalid 'X-Frame-Options' header encountered when loading 'http://localhost:8080/rrcapp/xservlet?consult=list01': 'ALLOW-FROM http://localhost:80/*' is not a recognized directive. The header will be ignored.
EDIT 2:
It seems it works on the most recent version of Firefox (57.0 Quantum) as well in IE 10 and EDGE. Still, it doesnt work with Chrome :P
Maybe ALLOW-FROM has some problems with Chrome, but if I'm not wrong, I cannot establish CSP directives in Tomcat. How can I resolve this on Chrome?
Any help here? :)
Thanks in advance
Firstly, I want to thanks to Eddie James Carswell II, who assisted me with this issue all the time, giving me very valuable tips.
Finally, I got it with Proxys via httpd. As stated in the article linked, uncommenting this lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
And then configuring my app directory in Apache:
ProxyRequests Off
ProxyPass /rrcapp http://localhost:8080
ProxyPassReverse /rrcapp http://localhost:8080
<Location "/rrcapp">
Order allow,deny
Allow from all
</Location>
Now, I can write in a JS call,. Example:
document.location = '/rrcapp/xservlet?consult=list01';
And access to my apps resources, located in Tomcat.
Why this solution? Its universal in every browser, and easy to configure.
Why not the other one? It worked on the most recent version of Firefox (57.0 Quantum) as well in IE 10 and EDGE. Still, it didn't work with Chromem, wich is the browser I use. The configuration anyways set up, was this in the web.xml in Tomcat directory.
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>ALLOW-FROM</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingUri</param-name>
<param-value>http://localhost:80/*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Hope this helps in the future :)
Thanks Eddie!
I'm trying to add CAS as an authentication provider for OBIEE 11g.
up until now I've added the cas-client-core-3.2.1.jar jar to
$MW_HOME/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/lib/
and configure
$MW_HOME/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/web.xml
with the the flowing elements:
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://192.168.0.117:8000/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://192.168.0.170</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://192.168.0.117:8000/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://192.168.0.170</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
this only applies to the WL console and not OBIEE application.
I'm redirected to the cas login however afterwords i'm still required to enter a console password, and the effective user will be the one from CAS.
any idea how to deploy CAS for the OBIEE application?
Thanks,
Shay
OK solved it,
had to unpack the analytics.ear file and from in it unpack the analytics.war
add the cas core jar to WEB-INF/lib
and add the XML from above to WEB-INF/web.xml
repack analytics.war, repack analytics.ear
restart weblogic.
in the EM->coreapplication->security enable SSO select generic SSO and set the login and logout urls
Note: we had an initialization block,that would fail if the user/password wouldn't authenticate, that had to be altered.
I'm using Jetty 6.1 together with PJL Compressing Filter.
Jetty removes the following header from the response:
Content-Encoding: gzip
This causes that most browsers cannot display the page anymore and show something like this:
Error 330 (net::ERR_CONTENT_DECODING_FAILED)
The Problem does not occur when I deploy my application on Tomcat 6.0. Also, if I disable the PJL Compressing Filter, the application works.
What can I do that Jetty leaves the header in the response?
make it sure you're using the last available jetty version.
It does work with this configuration for me:
<filter>
<filter-name>GzipFilter</filter-name>
<filter-class>org.eclipse.jetty.servlets.GzipFilter</filter-class>
<init-param>
<param-name>mimeTypes</param-name>
<param-value>text/html,text/plain,text/xml,application/xhtml+xml,text/css,application/javascript,application/json,image/svg+xml</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>GzipFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I've written a simple Front Controller for my Java EE application. This controller intercepts all the urls to redirect them to the corresponding method in the right class.
A typical url looks like this: http://domain.tld/appName/Controller/method
I'm facing 3 issues with tomcat at the moment:
If I try to access to my base url, http://domain.tld/appName/ (with or without the ending slash), my front controller isn't called and I've got a 404.
If I try to access to an url like this: domain.tld/appName/Controller/method/ (remark the ending slash) same thing than point number 1. But without the ending slash it works fine.
Finally, since all my requests are routing to my front controller I have to define all the static file to be served to the default servlet, in my web.xml. A less contraining and ugly solution would be nice.
Here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<servlet>
<servlet-name>FrontController</servlet-name>
<servlet-class>controllers.FrontController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>FrontController</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.jpg</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.png</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>
</web-app>
Add this to your web.xml file, before the first servlet:
<welcome-file-list>
<welcome-file>FrontController</welcome-file>
</welcome-file-list>
As said in comment, my FrontController was kinda ugly.
Rewriting it properly did the trick with the same web.xml.