Preventing Proxy Servers From Hitting JSP Pages?
Hi All, Every day I get hundreds of hits on my JSP pages from proxy servers who are trying to determine if the links are still good. This is great for my static pages, but on pages with forms and processing logic it causes havoc. For example, if I have 3 pages of forms and the final page adds something to my database, hitting just the second page throws errors. I know that there is a pragma directive I need to add to each page, but isn't there also something that can be added to the HTTP header each time. And if so, what is the easiest way to add this to every outgoing header? Thanks, David M Rosner
Overide encodeURL()
Hi All,
My application has already been coded to use the encodeURL() method for all
URL references within all of the JSP pages. I now have a need to take the
output of encodeURL() and add additional text to it. Is it possible to
write my own version of encodeURL() that will call the request.encodeURL()
method and then pass the output back to the JSP page?
For example I would have the following on a JSP page:
%= response.encodeURL( /SomePage.jsp) %
Then I would have a class called response with a static method called
encodeURL() which may look like this:
static String encodeURL( String location ) {
String strTemp = response.encodeURL( location );
doStuff( strTemp );
return strTemp;
}
Due to the fact that I don't fully understand the Jakarta architecture
perhaps this isn't possible? Any ideas?
RE: Overide encodeURL()
Hello,
Yes, I was hoping I could do this just like i've modified the
SessionInterceptor, but the problem is I need to modify the response - not
the request. Am I assuming correctly that interceptors can only modify
requests and not responses?
The actual implementation of encodeURL is done in the
HttpServletResponseFacade - I guess I can just change that code and deploy
it with all my Jakarta builds. But it would be better if I had my own
HttpServletResponseFacade that extended the functionality of the default
class. This way I could keep it with my application files and not have to
worry about later Jakarta upgrades. Problem is I can't get it to compile
outside of the facade package.
So my question is - what is the correct approach and procedure for
replacing/extending classes in the facade package?
At 04:28 PM 6/11/2001, Filip Hanik wrote:
it is possible if you change the source code yourself.
you can read a little bit about the architecture at
http://www.filip.net/tomcatbook/TomcatInterceptors.html
this is focused on the interceptors though
Filip
~
Namaste - I bow to the divine in you
~
Filip Hanik
Software Architect
[EMAIL PROTECTED]
www.filip.net
-Original Message-
From: David M. Rosner [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 11, 2001 12:39 PM
To: [EMAIL PROTECTED]
Subject: Overide encodeURL()
Hi All,
My application has already been coded to use the encodeURL()
method for all
URL references within all of the JSP pages. I now have a need to take the
output of encodeURL() and add additional text to it. Is it possible to
write my own version of encodeURL() that will call the request.encodeURL()
method and then pass the output back to the JSP page?
For example I would have the following on a JSP page:
%= response.encodeURL( /SomePage.jsp) %
Then I would have a class called response with a static method called
encodeURL() which may look like this:
static String encodeURL( String location ) {
String strTemp = response.encodeURL( location );
doStuff( strTemp );
return strTemp;
}
Due to the fact that I don't fully understand the Jakarta architecture
perhaps this isn't possible? Any ideas?
Sending all traffic to 1 JSP
Hello, Is it possible to configure jakarta so that no matter what the URL is, a specific JSP is always called instead? So the user can enter any URL into the browser for my domain, but my 1 JSP page will always be called anyway? Thanks -dave
RE: Sending all traffic to 1 JSP
That is a good solution, but i'm actually going to need other webapps on the server NOT use this 1 JSP. Can I have a different RequestInterceptor for 1domain and have other domains servered out by Jakarta use the default RequestInterceptor? Also - i'm not sure I understand your suggested approach for configuring this in a property file. Can you please expand? Thanks! -dave At 10:04 AM 6/6/2001, Michael Wentzel wrote: Is it possible to configure jakarta so that no matter what the URL is, a specific JSP is always called instead? So the user can enter any URL into the browser for my domain, but my 1 JSP page will always be called anyway? One way is writing your own RequestInterceptor which redirs on all requests != the desired JSP. As a side note... if done this way may I suggest configuring this in a props file to remove the need for a recompile if things should change in the future. --- Michael Wentzel Software Developer Software As We Think - http://www.aswethink.com
Using JSP regardless of URL?
Hi All, I would like one of my domains to always use a particular JSP page regardless of the URL the user enters. For instance if they hit any of the following URLs yhey will all actually hit a page called HandleRequest.jsp : http://mydomain.com/any/page/will/do/bob.jsp http://mydomain.com/SomeOtherPage.jsp http://mydomain.com/something/else.jsp Firstly , is this possible, and secondly, can I do this for certain domains? I know I can probably do this with Apache's mod_rewrite, but that's a can of worms I'd rather not open. Thanks! -dave
Re:Problems replacing SessionInterceptor
Hello, When I place all of my class files into a jar file and then move the jar file to the tomcat lib directory Tomcat can load my SessionInterceptor class. BUT, when i do this it appears that the jar files in my WEB-INF/lib directory are NOT loaded. Do I have to put everything (all classes and supporting jar files) into the Tomcat lib directory? thanks At 07:34 PM 5/17/2001, Twylite wrote: Hi, I've written my own version of the SessionInterceptor and placed this with my application class files (com.myapp.uril.SessionInterceptor). I updated the server.xml file to point to my version of the class instead of Tomcats by updating the following: RequestInterceptor className=com.myapp.util.SessionInterceptor noCookies=false / Unless I'm mistaken you're going to need your class files in tomcat's lib directory, or in your Java class path before you start tomcat. Anything in server.xml is server-wide, and must be available to Tomcat when you start the server. Anything in web.xml is context-wide, and must be available to the context when you first access it. Twylite
Problems replacing SessionInterceptor
Hello, I've written my own version of the SessionInterceptor and placed this with my application class files (com.myapp.uril.SessionInterceptor). I updated the server.xml file to point to my version of the class instead of Tomcats by updating the following: RequestInterceptor className=com.myapp.util.SessionInterceptor noCookies=false / This works fine on my development box, but on my production box I get an error on startup claiming it can not find the class. In the production environement we use directories under the webapps: Context path=/ docBase=webapps/app-010517a crossContext=false debug=0 reloadable=false /Context Is there something else I need to do to get Tomcat to use my version of the SessionInterceptor? Thanks, -dave
How does RequestInterceptor work?
Hello, I have a package that I've placed in a JAR file within the $TOMCAT_HOME/lib directory. Then I updated the server.xml file to use a class file within this package instead of the default Tomcat version. Yet, when i run tomcat I get a 'ClassNotDefined' exception. What do I need to do to get Tomcat to recognize a class that I define within a RequestInterceptor block in the server.xml file? Is there any documentation out there that explains how the server.xml file is used? Thanks!
Re: Add logic to session tracking?
.. As long as you know this is not standard :-), you will have to make some changes to the session interceptor or create a new one. In 3.3, the code is in modules.session.SessionId, you should probably create a new module, add an option and code that supports what you need, and maybe publish the changes for others :-) I don't think this can be commited in jakarta-tomcat, as it is not standard and it's not a required feature, but it would be nice to have it somewhere. Costin Hi - thanks for the response. After some research I found that I could rewrite my own request.SessionInterceptor and change the server config to use this instead of the one in Tomcat. All I needed to do was add an additional cookie to be set in the beforeBody() method. This works great and allows me to set an additional cookie with a server name in it. The problem i'm now having is getting that server name/value to be written in the URL if cookies are shut off. Any ideas what I need to do to get that to work. Just changing the contextMap() method doesn't seem to make it work. I'm using 3.2.2 Thanks -dave
Modify Session Cookie?
Hi All, Is there a way to modify the name of the cookie that Tomcat uses to set the session id? Or, is there a way to add another cookie to be automatically set? I'd rather not update every single page in my system to return this cookie. thanks, -dave
Add logic to session tracking?
Hello All, As a developer using Tomcat, is there anyway to override or add logic to parts of Tomcat's session tracking/setting mechanisms? Or do I need to get my hands on the source code, make changes, and then recompile? Basically I want to add my own session tracking ALONG with Tomcat's so that my network load balancer can use the values to create sticky sessions. Thanks
RE: Why Use apache
If I have all my static html and graphics loading off of other servers, is there any reason to use Apache with Tomcat? Is the combination more stable or is performance better with both running? thanks -dave At 11:00 AM 5/2/2001, Ronan Derby wrote: tomcat isn't as good as apache at serving static html files and images. also, with apache up and running you can do other stuff like execute cgi scripts and so on. -Original Message- From: Skinner, Dallas M [mailto:[EMAIL PROTECTED]] Sent: 02 May 2001 15:48 To: [EMAIL PROTECTED] Subject: Why Use apache Excuse me if this question is obvious. If Tomcat can be run in a standalone mode, why should it be used in conjunction with apache? Thanks Dallas Skinner
Cookie name path is a reserved token??
Hi All, In my stderr of my Tomcat server I am getting the following exception 'Cookie name path is a reserved token'. The pages it is throwing this on are called thousands of times a day, but it appears that this error only occurs now and then. Does anyone know what would cause this exception? Thanks, -dave 2001-04-25 11:38:33 - Ctx( ): Exception in: R( + /rec/help/contact.jsp + null) - java.lang.IllegalArgumentException: Cookie name path is a reserved token at javax.servlet.http.Cookie.init(Cookie.java:185) at org.apache.tomcat.util.RequestUtil.processCookies(RequestUtil.java:189) at org.apache.tomcat.core.RequestImpl.getCookieCount(RequestImpl.java:494) at org.apache.tomcat.session.StandardSessionInterceptor.requestMap(StandardSessionInterceptor.java:145) at org.apache.tomcat.core.ContextManager.processRequest(ContextManager.java:820) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:771) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484)
Short Reads?
Hi All, In checking my stderr.log file from Tomcat I find lots of 'short read' exceptions. Looks like this happens prior to my code getting called. Does anyone know what these errors are? I've listed the output below. Thanks, -dave 2001-04-23 06:44:51 - Ctx( ): Exception in: R( + /irec/ReferralReferValidate.jsp + null) - java.lang.IllegalArgumentExcept ion: Short Read at javax.servlet.http.HttpUtils.parsePostData(HttpUtils.java:238) at org.apache.tomcat.util.RequestUtil.readFormData(RequestUtil.java:101) at org.apache.tomcat.core.RequestImpl.handleParameters(RequestImpl.java:691) at org.apache.tomcat.core.RequestImpl.getParameterValues(RequestImpl.java:259) at org.apache.tomcat.core.RequestImpl.getParameter(RequestImpl.java:250) at org.apache.tomcat.facade.HttpServletRequestFacade.getParameter(HttpServletRequestFacade.java:222) at org.apache.jasper.servlet.JspServlet.preCompile(JspServlet.java:326) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:370) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405) at org.apache.tomcat.core.Handler.service(Handler.java:287) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484)
HTTP Referer Field Not Appearing
Hi All,
For some reason I can't get the Referer header field from any of my JSP
pages. I'm using the following code:
String strReferringURL = request.getHeader( "referer" ) ;
I also tried looking at all of the headers in the request, but it doesn't
look like this is including all of the headers:
for (Enumeration e = request.getHeaderNames() ; e.hasMoreElements() ;) {
Log.getInstance().logError( (String) e.nextElement() );
}
Is this because my browser is not sending all of the fields (including
referrer), or could it be the way that I have Tomcat configured?
Thanks!
-dave
Weird Cookie Behavior
Hi All,
I have a jsp that sets a cookie named 'riCookie'. For some reason this
cookie will not be sent to the browser unless I set an additional cookie
after that. Here is the code:
This doesn't work:
%
response.addCookie( new Cookie("riCookie", "DATA" ) ) ;
response.sendRedirect( "/someOtherPage.jsp" );
%
But this does work:
%
response.addCookie( new Cookie("riCookie", "DATA" ) ) ;
response.addCookie( new Cookie("Something", "More DATA" ) ) ;
response.sendRedirect( "/someOtherPage.jsp" );
%
Any idea why? I tried other names with the word 'Cookie' in them and they
seem to work as well.
Thanks for any help,
-dave
RE: Fed up to the back teeth with tomcat !!!
Hi All, We've been running Tomcat for over 6 months on several farmed servers (linux) without any major problems. We serve out hundreds of thousands of JSPs a day and some days it crosses millions. We normally do monthly reboots of the server, but we do restart Apache every hour and only restart Tomcat when releasing new builds. I have seen the servers come to a halt, but this is usually caused by our db connections being held up. When that happens the Tomcat processes escalate 400, and then the Apache processes escalate 500. This brings the machine to its knees. Fixing db bottlenecks and taking all static content off the application servers fixed those problems. Maybe we've just been lucky... - dave At 04:12 PM 4/11/2001, Brandon Cruz wrote: So the only success story we have is someone that reboots their server every 5-6 days anyway. Could this problem be related to the previous message sent by George? paste hi, i'm using tomcat with apache on RedHat 7.0 i'm using a WebPerformance software to test my webpage with multiple users (100 users) in the beginning it all works good but after about 15 minutes of stress test i start getting this error with tomcat . *** HANDLER THREAD PROBLEM: java.lang.NullPointerException java.lang.NullPointerException at org.apache.tomcat.service.connector.AJP12ResponseAdapter.sendStatus(Ajp12Con nectionHandler.java:439) at org.apache.tomcat.service.http.HttpResponseAdapter.endHeaders(HttpResponseAd apter.java(Compiled Code)) at org.apache.tomcat.core.BufferedServletOutputStream.sendHeaders(BufferedServl etOutputStream.java:127) at org.apache.tomcat.core.BufferedServletOutputStream.reallyFlush(BufferedServl etOutputStream.java(Compiled Code)) at org.apache.tomcat.core.ResponseImpl.finish(ResponseImpl.java(Compiled Code)) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection (Ajp12ConnectionHandler.java:158) at org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.java(Com piled Code)) *** Does anyone know what may have caused this error and is there anyway to fix it ? thanks Georges /paste -Original Message- From: Andy C [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 11, 2001 3:12 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Fed up to the back teeth with tomcat !!! I am fed up to the back teeth with Tomcat under Apache. I'm trying to run a 24/7 web page servinbg around 20,000 .jsp pages a day and I'v ehad to reset the damn server 3 times today already. It keeps falling over with absolutly no error *** log messages at all. I am at my wits end, not to mention my poor users who have had to put up with this service for the past month. I am totaly lost now as to where to look for solutions So can someone please recomend a good webserver that will run .jsp and servlets pages and integrates well with a SQL server ? I used to run Java Webserver 2.0 would going back to that help ? Andy C Editor R2 Project http://www.r2-dvd.org (lets hopr you don't see a 500 internal error message.)
Using session id for load balancing
Hi All, We use a Foundry Server Iron switch to load balance our Tomcat application servers. I recently discovered that it uses IP addresses to determine which server to send the user back to. Problem is many networks may use different IP addresses for a single client for different requests. The way around this is to configure my Server Iron to use the cookie that Tomcat sets (jspsession) to determine which server to send the user to. But if the user has shut off cookies then Tomcat will revert to URL rewriting. My question is, how can I setup Tomcat so that even if it is using URL rewriting on a session it will attempt to write the cookie anyway? Also, I'd be interested in hearing other solutions from anyone else who is using a load balancer. Thanks!
Re: sendRedirect problem on IE
Hi, I had reports from a small percentage of people (all IE users) that they were hitting our JSP pages and seeing the text of the JSP file instead of the compiled and executed results of the page. We upgraded to the last version (3.2.2 i think) and the problem went away. hopefully this will solve your problem -dave At 03:30 PM 4/9/2001, you wrote: I've seen this posted before, but none of the proposed solutions has worked for me. I am using a sendRedirect if a user is not logged in. When I use IE, it displays output from the original file (after where the re-direct would have taken place) and from the page it was redirected to. If I hit refresh, it is fine. The included file that does the redirect is the first line of my JSP file so there is no other output from the JSP before the redirect. I have also tried adding a return after the redirect as someone suggested, but this did not work either. Netscape works fine. Are there any other suggestions for what I might try so that this works in both browsers? Thanks.
Modifying encodeURL()
Hi All, Is there a way to add a tag to a url along with the session id? For example, when cookies are disabled Tomcat includes the jspsessionid value in the URL to identify the session: http://mydomain.com/SomeScript.jsp;jspsession=ASDF1234?form=xform=y What I need to do is add a paramter that indicates which server is handling the session: http://mydomain.com/SomeScript.jsp;jspsession=ASDF1234;server1?form=xform=y Is it possible to overwrite encodeURL or configure Tomcat to do this? thanks -dave
