Captcha text generated by nl.captcha.servlet.CaptchaServlet doesn't allign center.Changing css of tag doesn't work also.Is there any parameter like "align-text"?
<servlet>
<servlet-name>Captcha</servlet-name>
<display-name>Captcha</display-name>
<servlet-class>nl.captcha.servlet.CaptchaServlet</servlet-class>
<init-param>
**<param-name>align-text</param-name>
<param-value>center</param-value>**
</init-param>
</servlet>
Related
I have followed Alfodoo documentation to integrate Alfresco with odoo, everything seems to work fine :
When I click on "Create folder in DMS" although a folder is created in alfresco an error is raised:
and no buttons to import files are showing, unless i refresh the page:
Here is my alfresco-global.properties:
# CMIS #
alfresco.restApi.basicAuthScheme=true
opencmis.context.override=true
opencmis.context.value=
opencmis.servletpath.override=true
opencmis.servletpath.value=
opencmis.server.override=true
opencmis.server.value=http://192.168.0.141:8080/alfresco/api/
Here is my web.xml for enabling CORS:
<!-- CORS Filter Begin -->
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type, range</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>Accept-Ranges, Content-Encoding, Content-Length, Content-Range</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
<!-- CORS Filter End -->
<!-- CORS Filter Mappings Begin -->
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/api/*</url-pattern>
<url-pattern>/service/*</url-pattern>
<url-pattern>/s/*</url-pattern>
<url-pattern>/cmisbrowser/*</url-pattern>
<url-pattern>/definitions/*</url-pattern>
</filter-mapping>
<!-- CORS Filter Mappings End -->
[EDIT]:
CMIS configuration in Odoo:
I try to solve the error 403 Forbidden that I get when sending requests to my GeoServer. To debug the process, I use Network tab from Inspect option in Chrome (I also tried Firefox). This is the error that I see in the Network tab.
XMLHttpRequest cannot load
http://localhost:8080/geoserver/square/ows?service=WFS&version=1.1.0&requ…ture&typeName=square:InformationStores&outputFormat=application%2Fjson.
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:5601' is therefore not allowed
access. The response had HTTP status code 403.
My GeoServer 2.10.4 is CORS enabled according to multiple tutorials that I found on this topic. However, the error message that I receive seems to be related to proxy.
I spent so much time trying to solve this issue, so finally, I am absolutely lost. I tried a lot of things, but nothing has worked.
This is the configuration file of GeoServer to which I send request:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app>
<display-name>GeoServer</display-name>
<context-param>
<param-name>serviceStrategy</param-name>
<!-- Meaning of the different values :
PARTIAL-BUFFER2
- Partially buffers the first xKb to disk. Once that has buffered, the the
result is streamed to the user. This will allow for most errors to be caught
early.
BUFFER
- stores the entire response in memory first, before sending it off to
the user (may run out of memory)
SPEED
- outputs directly to the response (and cannot recover in the case of an
error)
FILE
- outputs to the local filesystem first, before sending it off to the user
-->
<param-value>PARTIAL-BUFFER2</param-value> </context-param>
<context-param>
<!-- see comments on the PARTIAL-BUFFER strategy -->
<!-- this sets the size of the buffer. default is "50" = 50kb -->
<param-name>PARTIAL_BUFFER_STRATEGY_SIZE</param-name>
<param-value>50</param-value> </context-param>
<!--Can be true or false (defaults to: false). --> <!--When true the JSONP (text/javascript) output format is enabled --> <!-- <context-param>
<param-name>ENABLE_JSONP</param-name>
<param-value>true</param-value> </context-param> -->
<!--
<context-param>
<param-name>PROXY_BASE_URL</param-name>
<param-value>http://localhost/geoserver</param-value>
</context-param>
-->
<!--
<context-param>
<param-name>GEOSERVER_DATA_DIR</param-name>
<param-value>C:\eclipse\workspace\geoserver_trunk\cite\confCiteWFSPostGIS</param-value>
</context-param> -->
<!-- pick up all spring application contexts -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/applicationContext.xml classpath*:/applicationSecurityContext.xml</param-value>
</context-param>
<filter>
<filter-name>FlushSafeFilter</filter-name>
<filter-class>org.geoserver.filters.FlushSafeFilter</filter-class>
</filter>
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter>
<filter-name>SessionDebugger</filter-name>
<filter-class>org.geoserver.filters.SessionDebugFilter</filter-class>
</filter>
<filter>
<filter-name>filterChainProxy</filter-name>
<filter-class> org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>xFrameOptionsFilter</filter-name>
<filter-class>org.geoserver.filters.XFrameOptionsFilter</filter-class>
</filter>
<filter>
<filter-name>GZIP Compression Filter</filter-name>
<filter-class>org.geoserver.filters.GZIPFilter</filter-class>
<init-param>
<!-- The compressed-types parameter is a comma-separated list of regular expressions.
If a mime type matches any of the regular expressions then it will be compressed.
-->
<param-name>compressed-types</param-name>
<param-value>text/.*,.*xml.*,application/json,application/x-javascript</param-value>
</init-param> </filter>
<filter>
<filter-name>Request Logging Filter</filter-name>
<filter-class>org.geoserver.filters.LoggingFilter</filter-class>
<init-param>
<!-- The 'enabled' parameter is a boolean value, "true" (case-insensitive) for true or
any other value for false. If enabled, then the logging will be performed;
otherwise the logging filter will have no effect. If not specified, this
parameter defaults to false.
-->
<param-name>enabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<!-- The 'log-request-bodies' parameter is a boolean value, "true" (case-insensitive) for
true or any other value for false. If enabled, then the logging will include the body
of POST and PUT requests. If not specified, this parameter defaults to false.
Note that this may noticeably degrade responsiveness of your geoserver since it will
not begin to process requests until the entire request body has been received by the
server.
-->
<param-name>log-request-bodies</param-name>
<param-value>false</param-value>
</init-param> </filter>
<filter>
<filter-name>Advanced Dispatch Filter</filter-name>
<filter-class>org.geoserver.platform.AdvancedDispatchFilter</filter-class>
<!--
This filter allows for a single mapping to the spring dispatcher. However using /* as a mapping
in a servlet mapping causes the servlet path to be "/" of the request. This causes problems with
library like wicket and restlet. So this filter fakes the servlet path by assuming the first
component of the path is the mapped path.
--> </filter>
<filter>
<filter-name>Spring Delegating Filter</filter-name>
<filter-class>org.geoserver.filters.SpringDelegatingFilter</filter-class>
<!--
This filter allows for filters to be loaded via spring rather than
registered here in web.xml. One thing to note is that for such filters
init() is not called. INstead any initialization is performed via spring
ioc.
--> </filter>
<filter>
<filter-name>Thread locals cleanup filter</filter-name>
<filter-class>org.geoserver.filters.ThreadLocalsCleanupFilter</filter-class>
<!--
This filter cleans up thread locals Geotools is setting up for concurrency and performance
reasons
--> </filter> <!-- Uncomment following filter to enable CORS --> <filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
</filter>
<!--
THIS FILTER MUST BE THE FIRST ONE, otherwise we end up with ruined chars in the input from the GUI
See the "Note" in the Tomcat character encoding guide:
http://wiki.apache.org/tomcat/FAQ/CharacterEncoding
-->
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Uncomment following filter to enable CORS -->
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>FlushSafeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SessionDebugger</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>GZIP Compression Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>xFrameOptionsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Request Logging Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
If you want to use your security system comment out this one too
-->
<filter-mapping>
<filter-name>filterChainProxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Advanced Dispatch Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Spring Delegating Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Thread locals cleanup filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- general initializer, should be first thing to execute -->
<listener>
<listener-class>org.geoserver.GeoserverInitStartupListener</listener-class>
</listener>
<!-- logging initializer, should execute before spring context startup -->
<listener>
<listener-class>org.geoserver.logging.LoggingStartupContextListener</listener-class>
</listener>
<!-- spring context loader -->
<listener>
<listener-class>org.geoserver.platform.GeoServerContextLoaderListener</listener-class>
</listener>
<!-- http session listener proxy -->
<listener>
<listener-class>org.geoserver.platform.GeoServerHttpSessionListenerProxy</listener-class>
</listener>
<!-- request context listener for session-scoped beans --> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener>
<!-- spring dispatcher servlet, dispatches all incoming requests -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<!-- single mapping to spring, this only works properly if the advanced dispatch filter is
active -->
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>xsl</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sld</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>json</extension>
<mime-type>application/json</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
Please see my answer to this question.
Instead of adding to the web.xml, simply uncomment the two CORS related blocks that are already in there.
I am using JSF 2.0.3 and Servlet 2.5., tomahawk20 (1.1.10). I followed the steps recommended by Balu C in other articles. But when I submit the buttom(after selecting the file), I am getting null value for "UploadedFile" instance. I checked my ExtensionsFilter configuration in web.xml, but no luck. Can you please help?
My Manages bean:(IN session Scope)
-------------------
private UploadedFile uploadedFile;
public UploadedFile getUploadedFile() {
return uploadedFile;
}
public void setUploadedFile(UploadedFile uploadedFile) {
this.uploadedFile = uploadedFile;
}
public String submitStep2() {
System.out.println("File type: " + uploadedFile.getContentType());
// <---- NULL POINTER here, because uploadedFile instance is null-->
}
web.xml
<filter>
<filter-name>ExtensionsFilter</filter-name>
<filter-class>
org.apache.myfaces.webapp.filter.ExtensionsFilter
</filter-class>
<init-param>
<description>
Set the size limit for uploaded files.
Format: 10 - 10 bytes
10k - 10 KB
10m - 10 MB
1g - 1 GB
</description>
<param-name>uploadMaxFileSize</param-name>
<param-value>10m</param-value>
</init-param>
<init-param>
<description>
Set the threshold size - files below this limit are stored
in memory, files above this limit are stored on disk.
Format: 10 - 10 bytes
10k - 10 KB
10m - 10 MB
1g - 1 GB
</description>
<param-name>uploadThresholdSize</param-name>
<param-value>10k</param-value>
</init-param>
<init-param>
<description>
Set the path where the intermediary files will be stored.
</description>
<param-name>uploadRepositoryPath</param-name>
<param-value>/temp</param-value>
</init-param>
</filter>
<filter>
<filter-name>ExtensionsFilter</filter-name>
<filter-class>
org.apache.myfaces.webapp.filter.ExtensionsFilter
</filter-class>
<init-param>
<description>
Set the size limit for uploaded files.
Format: 10 - 10 bytes
10k - 10 KB
10m - 10 MB
1g - 1 GB
</description>
<param-name>uploadMaxFileSize</param-name>
<param-value>10m</param-value>
</init-param>
<init-param>
<description>
Set the threshold size - files below this limit are stored
in memory, files above this limit are stored on disk.
Format: 10 - 10 bytes
10k - 10 KB
10m - 10 MB
1g - 1 GB
</description>
<param-name>uploadThresholdSize</param-name>
<param-value>10k</param-value>
</init-param>
<init-param>
<description>
Set the path where the intermediary files will be stored.
</description>
<param-name>uploadRepositoryPath</param-name>
<param-value>/temp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ExtensionsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:t="http://myfaces.apache.org/tomahawk"
xmlns:f="http://java.sun.com/jsf/core" xml:lang="en" lang="en">
<f:view>
<h:head>
...
</h:head>
<h:body>
...
Choose File:
<t:inputFileUpload id="file" value="#{createMB.uploadedFile}" required="true" />
<br />
<h:commandButton value="Submit" action="#{createMB.submitStep2}" />
....
Most obvious would be that you forgot to add the attribute enctype="multipart/form-data" to the h:form tag.
Example:
<h:form id="uploadForm" enctype="multipart/form-data"> .... </h:form>
This of course is just a guess, as this part is not provided in your code snippet.
I'm trying to set up a web application based on glassfish 3.1 + JSF2. The authorization is performed using a CAS server installing the jasig cas client in the web app as suggested here:
Configuring the JA-SIG CAS Client for Java in the web.xml
and I'm able to catch the principal object inside an EJB when the user is authenticated.
CAS principal attributes comes from LDAP on Active Directory. Now how can I add authorization?
How can I enable the access of certain web pages only to specific groups of users defined in AD?
The purpose is just to let users access different web pages according to their LDAP roles.
I've tried to follow Securing Web Applications from the Java EE tutorial and my web.xml is
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://casserver:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://casserver:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!--
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
-->
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Pagina di user</display-name>
<web-resource-collection>
<web-resource-name>index1</web-resource-name>
<description>ristretto a user</description>
<url-pattern>/faces/index.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>user only</description>
<role-name>AMP-User</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Pagina di profile</display-name>
<web-resource-collection>
<web-resource-name>index2</web-resource-name>
<description>risretto a profile</description>
<url-pattern>/faces/index_2.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>profile only</description>
<role-name>AMP-Profile</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>utente generico</description>
<role-name>AMP-User</role-name>
</security-role>
<security-role>
<description>Utente di alto profilo</description>
<role-name>AMP-Profile</role-name>
</security-role>
I've then assigned the roles to my LDAP groups in glassifh-web.xml
<glassfish-web-app error-url="">
<security-role-mapping>
<role-name>AMP-Profile</role-name>
<group-name>AMP-Profile</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>AMP-User</role-name>
<group-name>AMP-User</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
The problem is that when I access to the page index.xhtml a form is asking me to authenticate but the authentication should be done by the CAS server. Anyway I cannot authenticate.
How can I use CAS authentication and map LDAP groups to roles?
You can use the security annotations (JSR 250, javax.security.annotations), to define role based access control:
#Stateless
#DeclareRoles({"admin", "users"})
public class HelloEJB implements Hello {
#PermitAll
public String hello(String msg) {
return "Hello, " + msg;
}
#RolesAllowed("admin")
public String bye(String msg) {
return "Bye, " + msg;
}
}
Slightly adapted example from the first link below
Here I declared the roles first, using #DeclareRoles. #PermitAll grants access to all authenticated users, while #RolesAllowed only grants access to the mentioned roles.
You will need to set up roles in your deployment descriptors and in glassfish as well. I found this article very helpful. The Glassfish Server Security Guide goes through the details. You also might want to check out this question. If you run into some problems, ask back here on SO.
i given my sample code to get the HTTP Status 404 - /AdminLoginAction error
adminLogin.jsp
<form action="/AdminLoginAction">
struts-config.xml
<form-beans>
<form-bean name="AdminLoginAction" type="edu.form.AdminLogin" />
</form-beans>
<
<action-mappings>
<action name="AdminLoginAction" path="/AdminLoginAction" type="edu.actions.AdminLoginAction" scope="request">
<forward name="success" path="/success.jsp"></forward>
</action>
</action-mappings>
It is likely that this is a problem from web.xml. In there you have to have declared the Struts ActionServlet:
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
Now that your servlet container knows about the ActionServlet, all there is to do is add a <servlet-mapping> element for it:
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>...</url-pattern>
</servlet-mapping>
First thing, check your <url-pattern>.
Secondly, just as a quick test, add an extension to your action (<form action="/AdminLoginAction.do">) and a pattern <url-pattern>*.do</url-pattern> and see if it works.
Also, not sure how your app is set up, but are you sure about that leading slash (/) in you action? Maybe its <form action="/yourAppContext/AdminLoginAction">?