Aw: Re: Servlet-Mapping having %-sign

2023-12-29 Thread Peter Rader
> Peter,
>
> On 12/29/23 07:56, Peter Rader wrote:
> > having a URL like this:
> >
> > https://localhost:8443/index.html works perfect. This is my mapping:
> >
> > <servlet-mapping>
> >   <servlet-name>Nano-Nano-Servlet</servlet-name>
> >   <url-pattern>/index.html</url-pattern>
> > </servlet-mapping>
> > <servlet-mapping>
> >   <servlet-name>Nano-Nano-Servlet</servlet-name>
> >   <url-pattern>*.ts</url-pattern>
> > </servlet-mapping>
> >
> > Unfortunately this URI does not load (because of the %-sign):
> >
> > https://localhost:8443/@rm%2fmodel.ts
> >
> > It gives a http-status:400 having the message "Invalid URI: [noSlash]"
>
> What's the use-case for having a client use a %-encoded / in your URL?
> That kind of thing is usually evidence of a hacking attempt, which is
> why Tomcat returns a 400 response.

I generate TypeScript dynamically. In order to use it in Node: I register a 
servlet to create npm-packages at run-time. On Node-side I use this command:

1. Register servlet as npm source: 'npm config set 
@myapp:registry=https://nonofyourbusiness.mydomain.com:8443/'
2. Start the download: 'npm install @myapp/model --loglevel verbose'  (hint: 
@myapp is the tomcat)

This is the output of the second command:

npm info it worked if it ends with ok
npm verb cli [
npm verb cli   '/home/grim/.nvm/versions/node/v14.18.1/bin/node',
npm verb cli   '/home/grim/.nvm/versions/node/v14.18.1/bin/npm',
npm verb cli   'install',
npm verb cli   '@myapp/model@1.0.0',
npm verb cli   '--loglevel',
npm verb cli   'verbose'
npm verb cli ]
npm info using npm@6.14.15
npm info using node@v14.18.1
npm verb config Skipping project config: /home/grim/.npmrc. (matches userconfig)
npm verb npm-session 778f7308eede99d8
npm http fetch GET 200 
https://nonofyourbusiness.mydomain.com:8443/@myapp%2fmodel 28ms
npm http fetch GET 200 https://nonofyourbusiness.mydomain.com:8443/index.tgz.ts 
14ms
npm timing stage:loadCurrentTree Completed in 71ms
npm timing stage:loadIdealTree:cloneCurrentTree Completed in 0ms
npm timing stage:loadIdealTree:loadShrinkwrap Completed in 3ms
npm timing stage:loadIdealTree:loadAllDepsIntoIdealTree Completed in 1ms
npm timing stage:loadIdealTree Completed in 5ms
npm timing stage:generateActionsToTake Completed in 1ms
npm verb correctMkdir /home/grim/.npm/_locks correctMkdir not in flight; 
initializing
npm verb lock using /home/grim/.npm/_locks/staging-b24acfc1530c2325.lock for 
/home/grim/node_modules/.staging
npm http fetch GET 200 https://nonofyourbusiness.mydomain.com:8443/index.tgz.ts 
7ms
npm timing action:extract Completed in 10ms
npm timing action:finalize Completed in 1ms
npm timing action:refresh-package-json Completed in 1ms
npm info lifecycle model@1.0.0~preinstall: model@1.0.0
npm timing action:preinstall Completed in 1ms
npm info linkStuff model@1.0.0
npm timing action:build Completed in 0ms
npm info lifecycle model@1.0.0~install: model@1.0.0
npm timing action:install Completed in 1ms
npm info lifecycle model@1.0.0~postinstall: model@1.0.0
npm timing action:postinstall Completed in 0ms
npm verb unlock done using /home/grim/.npm/_locks/staging-b24acfc1530c2325.lock 
for /home/grim/node_modules/.staging
npm timing stage:executeActions Completed in 18ms
npm timing stage:rollbackFailedOptional Completed in 1ms
npm timing stage:runTopLevelLifecycles Completed in 97ms
npm WARN saveError ENOENT: no such file or directory, open 
'/home/grim/package.json'
npm info lifecycle undefined~preshrinkwrap: undefined
npm info lifecycle undefined~shrinkwrap: undefined
npm info lifecycle undefined~postshrinkwrap: undefined
npm WARN enoent ENOENT: no such file or directory, open 
'/home/grim/package.json'
npm verb enoent This is related to npm not being able to find a file.
npm verb enoent
npm WARN grim No description
npm WARN grim No repository field.
npm WARN grim No README data
npm WARN grim No license field.

npm http fetch POST 400 
https://registry.npmjs.org/-/npm/v1/security/audits/quick 266ms
+ model@1.0.0 (as @myapp/model)
added 1 package in 0.347s
npm verb exit [ 0, true ]
npm timing npm Completed in 463ms
npm info ok

--- end of console output

As you might have noticed, this time the URL responded successfully. This is 
because I modified catalina.properties 
(org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true).

>
> https://stackoverflow.com/questions/19576777/why-does-apache-tomcat-handle-encoded-slashes-2f-as-path-separators

I agree that this might become a security risk. Since the mentioned mod_jk bug 
is not affected in this particular case, I could exoticize the Tomcat config to 
undo Tomcat's built-in workaround through catalina.properties.

It does not feel like an elegant solution, but it works for now. If however npm 
might be the future for some developers, a redesign of Tomcat may be a more 
desirable solution. It might be hard to tell the npm people to change their 
"way of downloading npm-packages" because "mod_jk has a bug" might not be 
considered a convincing argument. :-D


>
> -chris
>
--
peter

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: user
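To make the 400 and the two ways around it concrete, here is an added example (my own code, not from the thread or from Tomcat) that models the three policies for a percent-encoded slash: Tomcat's default refusal, decode-then-split as ALLOW_ENCODED_SLASH=true gives you, and per-segment decoding. The `/files/..%2fprivate.txt` path and all class and method names are constructed for the demonstration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

/** Models what an application sees for a request path under three %2F policies. */
public final class EncodedSlashDemo {

    public enum Mode {
        REJECT,        // Tomcat default (UDecoder.ALLOW_ENCODED_SLASH=false): %2F -> HTTP 400 [noSlash]
        DECODE_FIRST,  // decode the whole path, then split: %2F becomes a real separator
        SEGMENT        // split on literal '/', decode each piece: a decoded '/' stays inside its segment
    }

    /** Refusal of the request path; Tomcat answers HTTP 400 at this point. */
    public static final class InvalidURI extends RuntimeException {
        InvalidURI(String msg) { super(msg); }
    }

    /** Strict percent-decoding (URLDecoder is unsuitable here: it also turns '+' into a space). */
    static String percentDecode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '%') {
                int hi = i + 2 < s.length() ? Character.digit(s.charAt(i + 1), 16) : -1;
                int lo = i + 2 < s.length() ? Character.digit(s.charAt(i + 2), 16) : -1;
                if (hi < 0 || lo < 0) throw new InvalidURI("Invalid URI: bad percent escape");
                out.write((hi << 4) | lo);
                i += 2;
            } else {
                byte[] b = String.valueOf(c).getBytes(StandardCharsets.UTF_8);
                out.write(b, 0, b.length);
            }
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    /** Resolve '.' and '..' against already-split segments; climbing above the root is refused. */
    static List<String> normalize(List<String> segments) {
        List<String> out = new ArrayList<>();
        for (String seg : segments) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (out.isEmpty()) throw new InvalidURI("path escapes the context root");
                out.remove(out.size() - 1);
            } else {
                out.add(seg);
            }
        }
        return out;
    }

    public static List<String> resolve(String rawPath, Mode mode) {
        if (!rawPath.startsWith("/")) throw new InvalidURI("absolute path required");
        if (mode == Mode.REJECT && rawPath.toLowerCase(Locale.ROOT).contains("%2f")) {
            throw new InvalidURI("Invalid URI: [noSlash]");
        }
        if (mode == Mode.DECODE_FIRST) {
            return normalize(Arrays.asList(percentDecode(rawPath).split("/", -1)));
        }
        List<String> decoded = new ArrayList<>();   // REJECT (no %2F present) and SEGMENT
        for (String seg : rawPath.split("/", -1)) decoded.add(percentDecode(seg));
        return normalize(decoded);
    }

    /** Segments may be joined into a filesystem path only if no separator survived decoding. */
    public static boolean filesystemSafe(List<String> segments) {
        for (String seg : segments) {
            if (seg.indexOf('/') >= 0 || seg.indexOf('\\') >= 0 || seg.indexOf('\0') >= 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        String npm = "/@myapp%2fmodel";            // what npm requests for a scoped package (from the thread)
        String climb = "/files/..%2fprivate.txt";  // constructed: the kind of path the 400 exists to stop
        for (Mode mode : Mode.values()) {
            for (String path : new String[] { npm, climb }) {
                try {
                    List<String> segs = resolve(path, mode);
                    System.out.printf("%-12s %-26s -> %s  filesystemSafe=%b%n",
                            mode, path, segs, filesystemSafe(segs));
                } catch (InvalidURI e) {
                    System.out.printf("%-12s %-26s -> 400 %s%n", mode, path, e.getMessage());
                }
            }
        }
    }
}
```

In DECODE_FIRST mode the second path quietly resolves to `[private.txt]`, which is the behaviour the default refusal prevents; in SEGMENT mode the scoped package name arrives as the single segment `@myapp/model`, which a registry servlet must use as a lookup key and never join into a file path.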

Re: Admin password for Tomcat

2023-12-29 Thread Jerry Malcolm

Chris,

On 12/29/2023 11:22 AM, Christopher Schultz wrote:

Jerry,

On 12/28/23 18:33, Jerry Malcolm wrote:

Chris,

On 12/28/2023 3:38 PM, Christopher Schultz wrote:

Jerry.

On 12/27/23 02:13, Jerry Malcolm wrote:
I implemented the filter as you suggested.  But I guess I'm going 
to need some education on sessions.  Down in a user profile web 
page I have a button to "Impersonate".


I'm with you so far.

I create the GenericPrincipal object and store it in the session. 
I've checked several times, and every time I come back to that 
code, the attribute is set in the session object.


Good. When you do that, do you remove the "real" user's 
GenericPrincipal object from the session? Or are they both in there?

>
Sorry... lost you on that one.  I am just setting a custom "GenericPrincipal" 
attribute named "impersonatedPrincipal" in the session when a user clicks the 
"Impersonate" button on the web page.


This answers my question. I was wondering if you do this:

session.setAttribute("user", impersonatedUser); // Replace

or this:

session.setAttribute("impersonatedUser", impersonatedUser);

And it seems you are doing the second one.


In my understanding, at this point I'm just 'telling' the session
that on subsequent requests in the custom filter, here's a principal
object that I want to insert.

As long as your code agrees with you :)

I also noted in your early example that you stored a 'User' class as 
the attribute in the session, not a GenericPrincipal.  I couldn't 
find a "User" class.  So I just used GenericPrincipal, since that was 
what I will insert in the request object in the filter.


We use User in our session, and essentially wrap it in a 
GenericPrincipal when necessary. We are playing a lot of games, here, 
in our code, so I apologize if we go down this road and it's a lot 
longer than you had expected...


Remember that if Tomcat is going to enforce your authentication and 
authorization constraints, your Filter will run after that, and 
Tomcat and your application will disagree over which user is 
currently logged-in.

>
I'm not removing the real principal from anything.  Not sure how to 
do that?  in HttpSession?  in HttpRequest?  I assumed returning my 
new GenericPrincipal in the RequestFacade would override any other 
code asking for the principal.


It will... unless that code runs before your Filter has a chance to 
pull the wool over the application's eyes. For example... Tomcat's 
authentication and authorization code will run in a Valve, which runs 
before all Filters.



How do I go about removing the real principal?


Let's save that for later ;)


But when I put breakpoint in my new Filter object and look in the
session, no attribute.  It's a different session object from what I
can tell.

That's weird.

When you say "every time I come back to that code, the attribute is 
set in the session" ... what code are you talking about?

>
The filter's 'version' of the session doesn't have the 
"impersonatedPrincipal" attribute set (it doesn't have any attributes 
set).  But after clicking Impersonate, hitting the breakpoint, and 
watching the session attribute get set, I hit F5 to refresh the page. 
The filter breakpoint again doesn't have the attribute.  But if I 
click "Impersonate" again and hit that breakpoint the 
"impersonatedPrincipal" session attribute exists in the session.


Is the session identifier changing?

I really thought I understood session objects.  I thought there was 
only one session object throughout the processing of a servlet.


Yes, if s/servlet/request/.


But I'm obviously missing something in the flows.  Why is there a
different session object in the filter than in the main body of the
servlet?  I did the getSession(false) as you suggested.  The session
object is not null.  It just doesn't have the attribute set. Yet if
I hit the Impersonate button again and hit the breakpoint, the
GenericPrincipal attribute is sitting in the session just as I placed
it earlier.
If the difference between when Tomcat evaluates e.g. user-roles 
versus when your application does won't explain what's happening, we 
might need to see some code.


Code:

Other than a loop that builds a Roles vector, these are the two lines 
that create the session attribute when the "Impersonate" button is 
clicked.


GenericPrincipal newPrincipal = new GenericPrincipal(getUserName(), getPassword(), roles);
getCtrl().getRequest().getSession(false).setAttribute("impersonatedPrincipal", newPrincipal);


Hmm. What are Ctrl and Request that you are "getting"? Usually, both 
the servlet and the Filter see objects passed to them directly in the 
doFilter() and service()/doGet/doPost/whatever methods in the servlet.



And this is the filter:

   PrintWriter out = response.getWriter();

   HttpSession session = ((HttpServletRequest) request).getSession(false);

   if (session != null)
   {
      final GenericPrincipal impersonatedPrincipal = (GenericPrincipal) ses
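For the filter itself, an added example (my own code, not Jerry's or Chris's): a Filter that wraps the request so application code sees the impersonated principal, while the container-authenticated user and the session id are logged for audit on every impersonated request. It assumes Tomcat 9 (javax.servlet); the `ImpersonatedPrincipal` class and the `admin` role name are assumptions standing in for the GenericPrincipal and realm used in the thread.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

/**
 * Swaps the principal the application sees while the container's own view
 * (set by Tomcat's authenticator Valve, which ran before any Filter) stays
 * untouched and is recorded for audit.
 */
public class ImpersonationFilter implements Filter {

    /** Session attribute written by the "Impersonate" action (name from the thread). */
    public static final String ATTR = "impersonatedPrincipal";
    /** Role allowed to impersonate; assumed name, adjust to the real realm. */
    public static final String ADMIN_ROLE = "admin";

    /** Container-independent principal with roles, stored in the session by the Impersonate action. */
    public static final class ImpersonatedPrincipal implements Principal {
        private final String name;
        private final Set<String> roles;
        public ImpersonatedPrincipal(String name, Set<String> roles) {
            this.name = name;
            this.roles = Collections.unmodifiableSet(new HashSet<>(roles));
        }
        @Override public String getName() { return name; }
        public boolean hasRole(String role) { return roles.contains(role); }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest) req;
        HttpSession session = httpReq.getSession(false);   // never create a session here
        Object stored = session == null ? null : session.getAttribute(ATTR);

        if (!(stored instanceof ImpersonatedPrincipal)) {
            chain.doFilter(req, res);                       // nothing to do: real identity passes through
            return;
        }
        final ImpersonatedPrincipal target = (ImpersonatedPrincipal) stored;
        final Principal real = httpReq.getUserPrincipal();  // the container's view, already authenticated

        // Only a container-authenticated administrator may impersonate. Anything else is
        // treated as a stale or tampered session attribute and discarded.
        if (real == null || !httpReq.isUserInRole(ADMIN_ROLE)) {
            session.removeAttribute(ATTR);
            chain.doFilter(req, res);
            return;
        }

        // Audit line: logging the session id makes a changing id (the question raised in
        // the thread) visible right next to any request where the attribute is missing.
        httpReq.getServletContext().log("impersonation: " + real.getName() + " acting as "
                + target.getName() + " session=" + session.getId()
                + " " + httpReq.getMethod() + " " + httpReq.getRequestURI());

        HttpServletRequest wrapped = new HttpServletRequestWrapper(httpReq) {
            @Override public Principal getUserPrincipal() { return target; }
            @Override public String getRemoteUser() { return target.getName(); }
            @Override public boolean isUserInRole(String role) { return target.hasRole(role); }
        };
        // Any <security-constraint> in web.xml was already evaluated by Tomcat's Valve
        // against the real principal; only code downstream of this Filter sees the target.
        chain.doFilter(wrapped, res);
    }
}
```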

Re: Tomcat/Java starts using too much memory and not by the heap or non-heap memory

2023-12-29 Thread Brian Braun
Hello Chuck,

On Fri, Dec 29, 2023 at 11:00 PM Chuck Caldarale  wrote:

>
> > On Dec 29, 2023, at 19:48, Brian Braun  wrote:
> >
> > First of all:
> > Christopher Schultz: You answered an email from me 6 weeks ago. You
> helped
> > me a lot with your suggestions. I have done a lot of research and have
> > learnt a lot since then, so I have been able to rule out a lot of
> potential
> > roots for my issue. Because of that I am able to post a new more specific
> > email. Thanks a lot!!!
> >
> > Now, this is my stack:
> >
> > - Ubuntu 22.04.3 on x86/64 with 2GM of physical RAM that has been enough
> > for years.
>
>
> I presume the “2GM” above should be “2GB”.
>


Yes, sorry, I meant to write "2GB".


>
>
> > - Java 11.0.20.1+1-post-Ubuntu-0ubuntu122.04 / openjdk 11.0.20.1
> > 2023-08-24
> > - Tomcat 9.0.58 (JAVA_OPTS="-Djava.awt.headless=true -Xmx1000m -Xms1000m
> > ..")
> > - My app, which I developed myself, and has been running without any
> > problems for years
> >
> > Well, a couple of months ago my website/Tomcat/Java started eating more
> > and more memory after about 4-7 days. The previous days it uses just a
> > few hundred MB and is very steady, but then after a few days the memory
> > usage suddenly grows up to 1.5GB (and then stops growing at that point,
> > which is interesting). Between these anomalies the RAM usage is fine and
> > very steady (as it has been for years) and it uses just about 40-50% of
> the
> > "Max memory" (according to what the Tomcat Manager server status shows).
> > The 3 components of G1GC heap memory are steady and low, before and after
> > the usage grows to 1.5GB, so it is definitely not that the heap starts
> > requiring more and more memory. I have been using several tools to
> monitor
> > that (New Relic, VisualVM and JDK Mission Control) so I'm sure that the
> > memory usage by the heap is not the problem.
> > The Non-heaps memory usage is not the problem either. Everything there is
> > normal, the usage is humble and even more steady.
>
>
> What does the /proc//maps file show, both before and after the
> problem occurs? This should give you some idea of what .so library is
> grabbing the extra memory. (I only have Tomcat installed on macOS at the
> moment, so I can’t show you an example; I should be able to bring up Tomcat
> on a Linux box tomorrow.) The output may be long, depending on how
> fragmented the virtual memory allocations are.
>
>
This is the first time I hear about the "/proc/id/maps" file and how to see
the content with "cat". The content is very long and now I suspect that all
those strange lines that don't seem to be files are the source of my
problem. Are those Linux threads or something like that? At least from
the point of view of the JVM there are just 67 threads which I think is
normal considering that I am running "New Relic" and also JMX (and the peak
was 72 threads). I have reviewed all those java threads and all of them
look normal and necessary.
I will paste the content at the end of this email.


> > And there are no leaks, I'm sure of that. I have inspected the JVM using
> > several tools.
> >
> > There are no peaks in the number of threads either. The peak is the same
> > when the memory usage is low and when it requires 1.5GB. It stays the
> same
> > all the time.
> >
> > I have also reviewed all the scheduled tasks in my app and lowered the
> > amount of objects they create, which was nice and entertaining. But that
> is
> > not the problem, I have analyzed the object creation by all the threads
> > (and there are many) and the threads created by my scheduled tasks are
> very
> > humble in their memory usage, compared to many other threads.
> >
> > And I haven't made any relevant changes to my app in the 6-12 months
> before
> > this problem started occurring. It is weird that I started having this
> > problem. Could it be that I received an update in the java version or the
> > Tomcat version that is causing this problem?
> >
> > If neither the heap memory or the Non-heaps memory is the source of the
> > growth of the memory usage, what could it be? Clearly something is
> > happening inside the JVM that raises the memory usage. And every time it
> > grows, it doesn't decrease.  It is as if something suddenly starts
> > "pushing" the memory usage more and more, until it stops at 1.5GB.
> >
> > I think that maybe the source of the problem is the garbage collector. I
> > haven't used any of the switches that we can use to optimize that,
> > basically because I don't know what I should do there (if I should at
> all).
> > I have also activated the GC log, but I don't know how to analyze it.
>
>
> I doubt that GC is the problem; if it were, it should show up in the GC
> data, which you say is essentially the same before and after the problem
> manifests itself.
>
>
> > I have also increased and decreased the value of "-Xms" parameter and it
> is
> > useless.
>
>
> Unrelated to your problem, but for server processes, -Xms should 

Re: Tomcat/Java starts using too much memory and not by the heap or non-heap memory

2023-12-29 Thread Chuck Caldarale

> On Dec 29, 2023, at 19:48, Brian Braun  wrote:
> 
> First of all:
> Christopher Schultz: You answered an email from me 6 weeks ago. You helped
> me a lot with your suggestions. I have done a lot of research and have
> learnt a lot since then, so I have been able to rule out a lot of potential
> roots for my issue. Because of that I am able to post a new more specific
> email. Thanks a lot!!!
> 
> Now, this is my stack:
> 
> - Ubuntu 22.04.3 on x86/64 with 2GM of physical RAM that has been enough
> for years.


I presume the “2GM” above should be “2GB”.


> - Java 11.0.20.1+1-post-Ubuntu-0ubuntu122.04 / openjdk 11.0.20.1 2023-08-24
> - Tomcat 9.0.58 (JAVA_OPTS="-Djava.awt.headless=true -Xmx1000m -Xms1000m
> ..")
> - My app, which I developed myself, and has been running without any
> problems for years
> 
> Well, a couple of months ago my website/Tomcat/Java started eating more and
> more memory after about 4-7 days. The previous days it uses just a
> few hundred MB and is very steady, but then after a few days the memory
> usage suddenly grows up to 1.5GB (and then stops growing at that point,
> which is interesting). Between these anomalies the RAM usage is fine and
> very steady (as it has been for years) and it uses just about 40-50% of the
> "Max memory" (according to what the Tomcat Manager server status shows).
> The 3 components of G1GC heap memory are steady and low, before and after
> the usage grows to 1.5GB, so it is definitely not that the heap starts
> requiring more and more memory. I have been using several tools to monitor
> that (New Relic, VisualVM and JDK Mission Control) so I'm sure that the
> memory usage by the heap is not the problem.
> The Non-heaps memory usage is not the problem either. Everything there is
> normal, the usage is humble and even more steady.


What does the /proc//maps file show, both before and after the 
problem occurs? This should give you some idea of what .so library is grabbing 
the extra memory. (I only have Tomcat installed on macOS at the moment, so I 
can’t show you an example; I should be able to bring up Tomcat on a Linux box 
tomorrow.) The output may be long, depending on how fragmented the virtual 
memory allocations are.


> And there are no leaks, I'm sure of that. I have inspected the JVM using
> several tools.
> 
> There are no peaks in the number of threads either. The peak is the same
> when the memory usage is low and when it requires 1.5GB. It stays the same
> all the time.
> 
> I have also reviewed all the scheduled tasks in my app and lowered the
> amount of objects they create, which was nice and entertaining. But that is
> not the problem, I have analyzed the object creation by all the threads
> (and there are many) and the threads created by my scheduled tasks are very
> humble in their memory usage, compared to many other threads.
> 
> And I haven't made any relevant changes to my app in the 6-12 months before
> this problem started occurring. It is weird that I started having this
> problem. Could it be that I received an update in the java version or the
> Tomcat version that is causing this problem?
> 
> If neither the heap memory or the Non-heaps memory is the source of the
> growth of the memory usage, what could it be? Clearly something is
> happening inside the JVM that raises the memory usage. And every time it
> grows, it doesn't decrease.  It is as if something suddenly starts
> "pushing" the memory usage more and more, until it stops at 1.5GB.
> 
> I think that maybe the source of the problem is the garbage collector. I
> haven't used any of the switches that we can use to optimize that,
> basically because I don't know what I should do there (if I should at all).
> I have also activated the GC log, but I don't know how to analyze it.


I doubt that GC is the problem; if it were, it should show up in the GC data, 
which you say is essentially the same before and after the problem manifests 
itself.


> I have also increased and decreased the value of "-Xms" parameter and it is
> useless.


Unrelated to your problem, but for server processes, -Xms should be set to the 
same value as -Xmx; no sense in thrashing between the two.


> Finally, maybe I should add that I activated 4GB of SWAP memory in my
> Ubuntu instance so at least my JVM would not be killed by the OS anymore
> (since the real memory is just 1.8GB). That worked and now the memory usage
> can grow up to 1.5GB without crashing, by using the much slower SWAP
> memory, but I still think that this is an abnormal situation.


At least you have a workaround, as undesirable as it may be.

  - Chuck
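As an added example of the before/after comparison Chuck suggests (my own code, not from the thread), this summarises two saved copies of /proc/<pid>/maps by backing object and prints which categories grew. The embedded snapshots are constructed for the demonstration, not taken from Brian's system, and the class name is an assumption.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Summarises /proc/<pid>/maps by backing object so two snapshots can be compared. */
public final class ProcMapsSummary {

    // address range, perms, offset, dev, inode, optional pathname
    private static final Pattern LINE = Pattern.compile(
            "^([0-9a-f]+)-([0-9a-f]+)\\s+(\\S{4})\\s+[0-9a-f]+\\s+\\S+\\s+\\d+\\s*(.*)$");

    /** Total virtual bytes per category: a file path, [heap]/[stack], or anon:<perms>. */
    public static Map<String, Long> summarize(String mapsText) {
        Map<String, Long> totals = new TreeMap<>();
        for (String line : mapsText.split("\n")) {
            Matcher m = LINE.matcher(line.trim());
            if (!m.matches()) continue;
            long size = Long.parseUnsignedLong(m.group(2), 16) - Long.parseUnsignedLong(m.group(1), 16);
            String path = m.group(4).trim();
            // Lines with no path are anonymous memory: the Java heap, metaspace, code cache,
            // thread stacks and malloc arenas all look like this. A "---p" anonymous region is
            // reserved but not committed and costs no RAM; maps shows virtual sizes only, so
            // for resident bytes per mapping read the Rss: lines of /proc/<pid>/smaps instead.
            String key = path.isEmpty() ? "anon:" + m.group(3) : path;
            totals.merge(key, size, Long::sum);
        }
        return totals;
    }

    /** Categories whose total changed between two snapshots, largest growth first. */
    public static List<Map.Entry<String, Long>> diff(String before, String after) {
        Map<String, Long> a = summarize(before);
        Map<String, Long> b = summarize(after);
        Map<String, Long> delta = new LinkedHashMap<>();
        for (String k : b.keySet()) {
            long d = b.get(k) - a.getOrDefault(k, 0L);
            if (d != 0) delta.put(k, d);
        }
        for (String k : a.keySet()) if (!b.containsKey(k)) delta.put(k, -a.get(k));
        List<Map.Entry<String, Long>> out = new ArrayList<>(delta.entrySet());
        out.sort((x, y) -> Long.compare(y.getValue(), x.getValue()));
        return out;
    }

    // Constructed sample: a heap committed at -Xms1000m (c0000000-fe800000) plus one
    // 64 MiB glibc malloc arena (a small rw-p chunk followed by a ---p reservation).
    static final String BEFORE = String.join("\n",
            "00400000-00401000 r-xp 00000000 08:01 1234  /usr/lib/jvm/java-11-openjdk-amd64/bin/java",
            "c0000000-fe800000 rw-p 00000000 00:00 0",
            "7f1a2c000000-7f1a2c021000 rw-p 00000000 00:00 0",
            "7f1a2c021000-7f1a30000000 ---p 00000000 00:00 0",
            "7f1a31000000-7f1a31c00000 r-xp 00000000 08:01 5678  /usr/lib/jvm/java-11-openjdk-amd64/lib/server/libjvm.so",
            "7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0  [stack]");

    // Same process later: three more rw-p/---p pairs that each add up to exactly 64 MiB,
    // the shape of additional per-thread malloc arenas.
    static final String AFTER = BEFORE + "\n" + String.join("\n",
            "7f1a20000000-7f1a20021000 rw-p 00000000 00:00 0",
            "7f1a20021000-7f1a24000000 ---p 00000000 00:00 0",
            "7f1a24000000-7f1a24021000 rw-p 00000000 00:00 0",
            "7f1a24021000-7f1a28000000 ---p 00000000 00:00 0",
            "7f1a28000000-7f1a28021000 rw-p 00000000 00:00 0",
            "7f1a28021000-7f1a2c000000 ---p 00000000 00:00 0");

    /** Usage: java ProcMapsSummary before.txt after.txt (copies of /proc/<pid>/maps); no args runs the sample. */
    public static void main(String[] args) throws IOException {
        String before = BEFORE, after = AFTER;
        if (args.length == 2) {
            before = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.UTF_8);
            after = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.UTF_8);
        }
        for (Map.Entry<String, Long> e : diff(before, after)) {
            System.out.printf("%+,d bytes  %s%n", e.getValue(), e.getKey());
        }
    }
}
```

On the sample the output attributes the growth to `anon:---p` (+200,921,088, reserved only) and `anon:rw-p` (+405,504, the committed part), which is the distinction to make before concluding that a library is "grabbing" memory.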



Tomcat/Java starts using too much memory and not by the heap or non-heap memory

2023-12-29 Thread Brian Braun
Hello,

First of all:
Christopher Schultz: You answered an email from me 6 weeks ago. You helped
me a lot with your suggestions. I have done a lot of research and have
learnt a lot since then, so I have been able to rule out a lot of potential
roots for my issue. Because of that I am able to post a new more specific
email. Thanks a lot!!!

Now, this is my stack:

- Ubuntu 22.04.3 on x86/64 with 2GM of physical RAM that has been enough
for years.
- Java 11.0.20.1+1-post-Ubuntu-0ubuntu122.04 / openjdk 11.0.20.1 2023-08-24
- Tomcat 9.0.58 (JAVA_OPTS="-Djava.awt.headless=true -Xmx1000m -Xms1000m
..")
- My app, which I developed myself, and has been running without any
problems for years

Well, a couple of months ago my website/Tomcat/Java started eating more and
more memory after about 4-7 days. The previous days it uses just a
few hundred MB and is very steady, but then after a few days the memory
usage suddenly grows up to 1.5GB (and then stops growing at that point,
which is interesting). Between these anomalies the RAM usage is fine and
very steady (as it has been for years) and it uses just about 40-50% of the
"Max memory" (according to what the Tomcat Manager server status shows).
The 3 components of G1GC heap memory are steady and low, before and after
the usage grows to 1.5GB, so it is definitely not that the heap starts
requiring more and more memory. I have been using several tools to monitor
that (New Relic, VisualVM and JDK Mission Control) so I'm sure that the
memory usage by the heap is not the problem.
The Non-heaps memory usage is not the problem either. Everything there is
normal, the usage is humble and even more steady.

And there are no leaks, I'm sure of that. I have inspected the JVM using
several tools.

There are no peaks in the number of threads either. The peak is the same
when the memory usage is low and when it requires 1.5GB. It stays the same
all the time.

I have also reviewed all the scheduled tasks in my app and lowered the
amount of objects they create, which was nice and entertaining. But that is
not the problem, I have analyzed the object creation by all the threads
(and there are many) and the threads created by my scheduled tasks are very
humble in their memory usage, compared to many other threads.

And I haven't made any relevant changes to my app in the 6-12 months before
this problem started occurring. It is weird that I started having this
problem. Could it be that I received an update in the java version or the
Tomcat version that is causing this problem?

If neither the heap memory or the Non-heaps memory is the source of the
growth of the memory usage, what could it be? Clearly something is
happening inside the JVM that raises the memory usage. And every time it
grows, it doesn't decrease.  It is as if something suddenly starts
"pushing" the memory usage more and more, until it stops at 1.5GB.

I think that maybe the source of the problem is the garbage collector. I
haven't used any of the switches that we can use to optimize that,
basically because I don't know what I should do there (if I should at all).
I have also activated the GC log, but I don't know how to analyze it.

I have also increased and decreased the value of "-Xms" parameter and it is
useless.

Finally, maybe I should add that I activated 4GB of SWAP memory in my
Ubuntu instance so at least my JVM would not be killed by the OS anymore
(since the real memory is just 1.8GB). That worked and now the memory usage
can grow up to 1.5GB without crashing, by using the much slower SWAP
memory, but I still think that this is an abnormal situation.

Thanks in advance for your suggestions!


Re: Servlet-Mapping having %-sign

2023-12-29 Thread Christopher Schultz

Peter,

On 12/29/23 07:56, Peter Rader wrote:

having a URL like this:
  
https://localhost:8443/index.html works perfect. This is my mapping:
  

<servlet-mapping>
  <servlet-name>Nano-Nano-Servlet</servlet-name>
  <url-pattern>/index.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>Nano-Nano-Servlet</servlet-name>
  <url-pattern>*.ts</url-pattern>
</servlet-mapping>
  
Unfortunately this URI does not load (because of the %-sign):
  
https://localhost:8443/@rm%2fmodel.ts
  
It gives a http-status:400 having the message "Invalid URI: [noSlash]"


What's the use-case for having a client use a %-encoded / in your URL? 
That kind of thing is usually evidence of a hacking attempt, which is 
why Tomcat returns a 400 response.


https://stackoverflow.com/questions/19576777/why-does-apache-tomcat-handle-encoded-slashes-2f-as-path-separators

-chris




Re: Admin password for Tomcat

2023-12-29 Thread Christopher Schultz

Jerry,

On 12/28/23 18:33, Jerry Malcolm wrote:

Chris,

On 12/28/2023 3:38 PM, Christopher Schultz wrote:

Jerry.

On 12/27/23 02:13, Jerry Malcolm wrote:
I implemented the filter as you suggested.  But I guess I'm going to 
need some education on sessions.  Down in a user profile web page I 
have a button to "Impersonate".


I'm with you so far.

I create the GenericPrincipal object and store it in the session. 
I've checked several times, and every time I come back to that code, 
the attribute is set in the session object.


Good. When you do that, do you remove the "real" user's 
GenericPrincipal object from the session? Or are they both in there?

>

Sorry... lost you on that one.  I am just setting a custom "GenericPrincipal" 
attribute named "impersonatedPrincipal" in the session when a user clicks the 
"Impersonate" button on the web page.


This answers my question. I was wondering if you do this:

session.setAttribute("user", impersonatedUser); // Replace

or this:

session.setAttribute("impersonatedUser", impersonatedUser);

And it seems you are doing the second one.


In my understanding, at this point I'm just 'telling' the session
that on subsequent requests in the custom filter, here's a principal
object that I want to insert.

As long as your code agrees with you :)

I also noted in your early example that you stored a 
'User' class as the attribute in the session, not a GenericPrincipal.  I 
couldn't find a "User" class.  So I just used GenericPrincipal, since 
that was what I will insert in the request object in the filter.


We use User in our session, and essentially wrap it in a 
GenericPrincipal when necessary. We are playing a lot of games, here, in 
our code, so I apologize if we go down this road and it's a lot longer 
than you had expected...


Remember that if Tomcat is going to enforce your authentication and 
authorization constraints, your Filter will run after that, and Tomcat 
and your application will disagree over which user is currently 
logged-in.

>
I'm not removing the real principal from anything.  Not sure how to do 
that?  in HttpSession?  in HttpRequest?  I assumed returning my new 
GenericPrincipal in the RequestFacade would override any other code 
asking for the principal.


It will... unless that code runs before your Filter has a chance to pull 
the wool over the application's eyes. For example... Tomcat's 
authentication and authorization code will run in a Valve, which runs 
before all Filters.



How do I go about removing the real principal?


Let's save that for later ;)


But when I put breakpoint in my new Filter object and look in the
session, no attribute.  It's a different session object from what I
can tell.

That's weird.

When you say "every time I come back to that code, the attribute is 
set in the session" ... what code are you talking about?

>
The filter's 'version' of the session doesn't have the 
"impersonatedPrincipal" attribute set (it doesn't have any attributes 
set).  But after clicking Impersonate, hitting the breakpoint, and 
watching the session attribute get set, I hit F5 to refresh the page. 
The filter breakpoint again doesn't have the attribute.  But if I click 
"Impersonate" again and hit that breakpoint the "impersonatedPrincipal" 
session attribute exists in the session.


Is the session identifier changing?

I really thought I understood session objects.  I thought there was 
only one session object throughout the processing of a servlet.


Yes, if s/servlet/request/.


But I'm obviously missing something in the flows.  Why is there a
different session object in the filter than in the main body of the
servlet?  I did the getSession(false) as you suggested.  The session
object is not null.  It just doesn't have the attribute set. Yet if
I hit the Impersonate button again and hit the breakpoint, the
GenericPrincipal attribute is sitting in the session just as I placed
it earlier.
If the difference between when Tomcat evaluates e.g. user-roles versus 
when your application does won't explain what's happening, we might 
need to see some code.


Code:

Other than a loop that builds a Roles vector, these are the two lines 
that create the session attribute when the "Impersonate" button is clicked.


GenericPrincipal newPrincipal = new GenericPrincipal(getUserName(), getPassword(), roles);
getCtrl().getRequest().getSession(false).setAttribute("impersonatedPrincipal", newPrincipal);


Hmm. What are Ctrl and Request that you are "getting"? Usually, both the 
servlet and the Filter see objects passed to them directly in the 
doFilter() and service()/doGet/doPost/whatever methods in the servlet.



And this is the filter:

   PrintWriter out = response.getWriter();

   HttpSession session = ((HttpServletRequest) request).getSession(false);

   if (session != null)
   {
      final GenericPrincipal impersonatedPrincipal =
         (GenericPrincipal) session.getAttribute("impersonatedPrincipal");

      if (im

Fwd: Servlet-Mapping having %-sign

2023-12-29 Thread Aryeh Friedman
-- Forwarded message -
From: Aryeh Friedman 
Date: Fri, Dec 29, 2023 at 8:08 AM
Subject: Re: Servlet-Mapping having %-sign
To: 


On Fri, Dec 29, 2023 at 7:57 AM Peter Rader  wrote:

> https://localhost:8443/@rm%2fmodel.ts

No idea on the original question but the URL above might as well read:
http://dear.hacker.please/hack-me.jsp



--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org





Re: Servlet-Mapping having %-sign

2023-12-29 Thread Aryeh Friedman
No idea on the original question but the URL above might as well read:
http://dear.hacker.please/hack-me.jsp




Servlet-Mapping having %-sign

2023-12-29 Thread Peter Rader
Hey,
 
having a URL like this:
 
https://localhost:8443/index.html works perfect. This is my mapping:
 
<servlet-mapping>
  <servlet-name>Nano-Nano-Servlet</servlet-name>
  <url-pattern>/index.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>Nano-Nano-Servlet</servlet-name>
  <url-pattern>*.ts</url-pattern>
</servlet-mapping>
 
Unfortunately this URI does not load (because of the %-sign):
 
https://localhost:8443/@rm%2fmodel.ts
 
It gives a http-status:400 having the message "Invalid URI: [noSlash]"

Any ideas?
 
Kind regards / Happy new year

Peter Rader
