RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Thanks for the explanation Chris. Seema Date: Thu, 20 Mar 2014 14:34:05 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Seems, On 3/20/14, 1:52 PM, Seema Patel wrote: Date: Thu, 20 Mar 2014 21:12:09 +0400 Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52 From: knst.koli...@gmail.com To: users@tomcat.apache.org 2014-03-20 20:55 GMT+04:00 Seema Patel seema...@hotmail.com: I think I have fixed the error I had. I have downgraded to Java 6 update 45, to see if it worked on there, but it didn't. I stayed with Java 6 to try and resolve the issue. Basically in my WEB-INF/web.xml file I have the following: filter-mapping filter-nameAuth Filter/filter-name url-pattern*.jsp/url-pattern url-pattern*.do/url-pattern dispatcherREQUEST/dispatcher /filter-mapping All requests go to the doFilter() function. In Java 5.5.29 it wasn't sending .jsp requests to the the doFilter, even though the above is in the web.xml file. In Java 6 and above, it sends the .jsp file to be processed as well. So if I comment out or take out the url-pattern*.jsp/url-pattern line, my code works. I don't know what's changed in the Java 6 code for this to not work. Does anyone know why this is so I have an understanding of it? Thanks again to all that have helped with this, I know I threw out multiple questions, just didn't want to leave anything out :) I guess s/Java/Tomcat/ in several places above. Support for multiple url-patterns did not exist in old versions of Servlet Specification, so only one of the patterns would work. Support for dispatcher also did not exist in old versions, but REQUEST is the default value here, so there is no difference. If dispatcher didn't exist and support for multiple url-patterns did not exist in older versions, then I don't know why the previous developers used it (I know this is nothing to do with you all). You can validate your web.xml file against DTD or schema it uses in any decent XML editor. My knowledge of all this isn't very good, could you please tell me what you mean by DTD or schema and could you give me an example of some XML editors I could use? Thanks XML uses DTDs or Schemas for semantic validation. http://en.wikipedia.org/wiki/Document_type_definition http://en.wikipedia.org/wiki/XML_Schema_%28W3C%29 Your XML files should either have a !DOCTYPE at the top indicating which DTD to use for validation or an xmlns[:namespace] definition at the top to use for Schema validation. Example of DTD: !DOCTYPE mbeans-descriptors PUBLIC -//Apache Software Foundation//DTD Model MBeans Configuration File http://jakarta.apache.org/commons/dtds/mbeans-descriptors.dtd; (Note that the SYSTEM id above -- the URL -- actually does not point to a valid DTD, so it may not work. Tomcat's mbeans-descriptors.xml files do not actually declare any DTD, but this is the DTD to which those files are expected to adhere.) Example of Schema: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; version=2.5 metadata-complete=true Many XML editors will already know how to validate as long as the definitions are in the files. Eclipse already does this, but sometimes it's just stupid and tells you there is no DTD/Schema even though there clearly is one. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTKzSdAAoJEBzwKT+lPKRYjVEP/3/sP9tCM/pL+7H7Ani8GKdk bYGCMbO08+VBVHr8eoU8dc33ScQ7jwqw86fGmvTjzJEtsZQyHtL1jkouTxiSMd9U Qsv/sZcnR/JlY9rixo4wO05Oh/pqX6QQ3QSlaKTvKYELS0dN2RFTRcHYfWB99tll wdHE5mgytreUG8wpURGjCroftQLvrw+NxlD1GqAL6x+tt9kScEe1skWO2E95QKjG 5VtabDQJusfPzjCA0vj4bRILJdFPf5q9hEpBumvqXoMC2pJbYXdLWCtTB8JbVRtn FKex92ygdZhnIhzVgjAFNNbc/QacXgwdT33FmhpLBeMm9ZVOhQWehLtRBu/Ugdni 6af60lU6ScGJ7cDZZS1uVvGdXsnlg3up9Fy9GXokHlI91GoBE5sar7BzdsA+OMzb At+evpXwuhbyiyDbumoqdLZFb7xIXur4diw04UeSIaFNJVUdtkF2VoOrNW0+8W/V vEzj0b2V5CPJTPgg3AIuuF//2r0FLdRSZMUVaF0/idneyujtH4o3Uc5jBWcVZqCU 2eDNuDVUdTXwUlwOmL6jgF4C8dC9REJ5Lw5A9scwiaFaXt+c70UCKIXfI0LCdBsT k19KaBjbyRJyb5u9qE2bQQBQETvz4iCTJ/lUj3GDVtnsjeoeQxzJx0AtzAgSyVL5 U+Gxnbt3JejhsCmkGfib =tcq7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
I think I have fixed the error I had. I have downgraded to Java 6 update 45,
to see if it worked on there, but it didn't.
I stayed with Java 6 to try and resolve the issue. Basically in my
WEB-INF/web.xml file I have the following:
filter-mapping
filter-nameAuth Filter/filter-name
url-pattern*.jsp/url-pattern
url-pattern*.do/url-pattern
dispatcherREQUEST/dispatcher
/filter-mapping
All requests go to the doFilter() function. In Java 5.5.29 it wasn't sending
.jsp requests to the the doFilter, even though the above is in the web.xml file.
In Java 6 and above, it sends the .jsp file to be processed as well. So if I
comment out or take out the url-pattern*.jsp/url-pattern line, my code
works.
I don't know what's changed in the Java 6 code for this to not work.
Does anyone know why this is so I have an understanding of it?
Thanks again to all that have helped with this, I know I threw out multiple
questions, just didn't want to leave anything out :)
Seema
From: mgai...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Tue, 18 Mar 2014 21:18:37 -0400
Seema-
You've asked about 10 different questions on 10 different aberrancies on your
upgrade
zip up the whole project up and stick it on driveway or any other free site
That way anyone building/running the code on TC7.0.52 can at least observe
same behaviour you are experiencing
Martin --
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Tue, 18 Mar 2014 14:10:19 +
Any update on this Chris Schultz or anyone else? I know the images I added
to the email didn't show up, so if you want me to email them directly to
you, I can.
Could really do with help on this, as it is not something I know much about.
Thanks
Seema
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Fri, 14 Mar 2014 15:15:04 +
Date: Fri, 14 Mar 2014 08:36:08 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Seema,
On 3/14/14, 7:53 AM, Seema Patel wrote:
I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
for my struts servlet jsp application. I have also removed all
JCIFS authentication from the WEB-INF/web.xml file and have tried
to do BASIC authentication through Tomcat and the AD (it
authenticates me, but not sure if I've missed anything out, as I've
never done this before).
One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
I have a doFilter function in my code, which contains
httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
1.5 version, this will work, as when I print
httpServletRequest.getServletPath() i get the following:
P1_00.do P5_0_0.do P5_0_1.do
But in Tomcat 7.0.52 Java 1.7 I get the following from
httpServletRequest.getServletPath() call:
P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
includes/P1_00.do
How are you printing this? Do you just have a Filter that wraps
everything and dumps-out the ServletPath for every request? Can you
post the code for that Filter as well as the filter and
filter-mapping configuration you have in web.xml?
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest = (HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName = httpRequest.getServletPath().replaceAll(/,);
System.out.println(Request Page = + httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session and redirect
to login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
MapString,LogicalOperation permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context
Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
2014-03-20 20:55 GMT+04:00 Seema Patel seema...@hotmail.com: I think I have fixed the error I had. I have downgraded to Java 6 update 45, to see if it worked on there, but it didn't. I stayed with Java 6 to try and resolve the issue. Basically in my WEB-INF/web.xml file I have the following: filter-mapping filter-nameAuth Filter/filter-name url-pattern*.jsp/url-pattern url-pattern*.do/url-pattern dispatcherREQUEST/dispatcher /filter-mapping All requests go to the doFilter() function. In Java 5.5.29 it wasn't sending .jsp requests to the the doFilter, even though the above is in the web.xml file. In Java 6 and above, it sends the .jsp file to be processed as well. So if I comment out or take out the url-pattern*.jsp/url-pattern line, my code works. I don't know what's changed in the Java 6 code for this to not work. Does anyone know why this is so I have an understanding of it? Thanks again to all that have helped with this, I know I threw out multiple questions, just didn't want to leave anything out :) I guess s/Java/Tomcat/ in several places above. Support for multiple url-patterns did not exist in old versions of Servlet Specification, so only one of the patterns would work. Support for dispatcher also did not exist in old versions, but REQUEST is the default value here, so there is no difference. You can validate your web.xml file against DTD or schema it uses in any decent XML editor. (You can enable validation of web.xml in any version of Tomcat 7 and later. E.g., by setting org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification When validation is enabled, Tomcat will refuse to deploy an application with broken web.xml ) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Thu, 20 Mar 2014 21:12:09 +0400 Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52 From: knst.koli...@gmail.com To: users@tomcat.apache.org 2014-03-20 20:55 GMT+04:00 Seema Patel seema...@hotmail.com: I think I have fixed the error I had. I have downgraded to Java 6 update 45, to see if it worked on there, but it didn't. I stayed with Java 6 to try and resolve the issue. Basically in my WEB-INF/web.xml file I have the following: filter-mapping filter-nameAuth Filter/filter-name url-pattern*.jsp/url-pattern url-pattern*.do/url-pattern dispatcherREQUEST/dispatcher /filter-mapping All requests go to the doFilter() function. In Java 5.5.29 it wasn't sending .jsp requests to the the doFilter, even though the above is in the web.xml file. In Java 6 and above, it sends the .jsp file to be processed as well. So if I comment out or take out the url-pattern*.jsp/url-pattern line, my code works. I don't know what's changed in the Java 6 code for this to not work. Does anyone know why this is so I have an understanding of it? Thanks again to all that have helped with this, I know I threw out multiple questions, just didn't want to leave anything out :) I guess s/Java/Tomcat/ in several places above. Support for multiple url-patterns did not exist in old versions of Servlet Specification, so only one of the patterns would work. Support for dispatcher also did not exist in old versions, but REQUEST is the default value here, so there is no difference. If dispatcher didn't exist and support for multiple url-patterns did not exist in older versions, then I don't know why the previous developers used it (I know this is nothing to do with you all). You can validate your web.xml file against DTD or schema it uses in any decent XML editor. My knowledge of all this isn't very good, could you please tell me what you mean by DTD or schema and could you give me an example of some XML editors I could use? Thanks (You can enable validation of web.xml in any version of Tomcat 7 and later. E.g., by setting org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification When validation is enabled, Tomcat will refuse to deploy an application with broken web.xml ) Thanks for this, I'll set it and see what happens. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Seems, On 3/20/14, 1:52 PM, Seema Patel wrote: Date: Thu, 20 Mar 2014 21:12:09 +0400 Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52 From: knst.koli...@gmail.com To: users@tomcat.apache.org 2014-03-20 20:55 GMT+04:00 Seema Patel seema...@hotmail.com: I think I have fixed the error I had. I have downgraded to Java 6 update 45, to see if it worked on there, but it didn't. I stayed with Java 6 to try and resolve the issue. Basically in my WEB-INF/web.xml file I have the following: filter-mapping filter-nameAuth Filter/filter-name url-pattern*.jsp/url-pattern url-pattern*.do/url-pattern dispatcherREQUEST/dispatcher /filter-mapping All requests go to the doFilter() function. In Java 5.5.29 it wasn't sending .jsp requests to the the doFilter, even though the above is in the web.xml file. In Java 6 and above, it sends the .jsp file to be processed as well. So if I comment out or take out the url-pattern*.jsp/url-pattern line, my code works. I don't know what's changed in the Java 6 code for this to not work. Does anyone know why this is so I have an understanding of it? Thanks again to all that have helped with this, I know I threw out multiple questions, just didn't want to leave anything out :) I guess s/Java/Tomcat/ in several places above. Support for multiple url-patterns did not exist in old versions of Servlet Specification, so only one of the patterns would work. Support for dispatcher also did not exist in old versions, but REQUEST is the default value here, so there is no difference. If dispatcher didn't exist and support for multiple url-patterns did not exist in older versions, then I don't know why the previous developers used it (I know this is nothing to do with you all). You can validate your web.xml file against DTD or schema it uses in any decent XML editor. My knowledge of all this isn't very good, could you please tell me what you mean by DTD or schema and could you give me an example of some XML editors I could use? Thanks XML uses DTDs or Schemas for semantic validation. http://en.wikipedia.org/wiki/Document_type_definition http://en.wikipedia.org/wiki/XML_Schema_%28W3C%29 Your XML files should either have a !DOCTYPE at the top indicating which DTD to use for validation or an xmlns[:namespace] definition at the top to use for Schema validation. Example of DTD: !DOCTYPE mbeans-descriptors PUBLIC -//Apache Software Foundation//DTD Model MBeans Configuration File http://jakarta.apache.org/commons/dtds/mbeans-descriptors.dtd; (Note that the SYSTEM id above -- the URL -- actually does not point to a valid DTD, so it may not work. Tomcat's mbeans-descriptors.xml files do not actually declare any DTD, but this is the DTD to which those files are expected to adhere.) Example of Schema: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; version=2.5 metadata-complete=true Many XML editors will already know how to validate as long as the definitions are in the files. Eclipse already does this, but sometimes it's just stupid and tells you there is no DTD/Schema even though there clearly is one. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTKzSdAAoJEBzwKT+lPKRYjVEP/3/sP9tCM/pL+7H7Ani8GKdk bYGCMbO08+VBVHr8eoU8dc33ScQ7jwqw86fGmvTjzJEtsZQyHtL1jkouTxiSMd9U Qsv/sZcnR/JlY9rixo4wO05Oh/pqX6QQ3QSlaKTvKYELS0dN2RFTRcHYfWB99tll wdHE5mgytreUG8wpURGjCroftQLvrw+NxlD1GqAL6x+tt9kScEe1skWO2E95QKjG 5VtabDQJusfPzjCA0vj4bRILJdFPf5q9hEpBumvqXoMC2pJbYXdLWCtTB8JbVRtn FKex92ygdZhnIhzVgjAFNNbc/QacXgwdT33FmhpLBeMm9ZVOhQWehLtRBu/Ugdni 6af60lU6ScGJ7cDZZS1uVvGdXsnlg3up9Fy9GXokHlI91GoBE5sar7BzdsA+OMzb At+evpXwuhbyiyDbumoqdLZFb7xIXur4diw04UeSIaFNJVUdtkF2VoOrNW0+8W/V vEzj0b2V5CPJTPgg3AIuuF//2r0FLdRSZMUVaF0/idneyujtH4o3Uc5jBWcVZqCU 2eDNuDVUdTXwUlwOmL6jgF4C8dC9REJ5Lw5A9scwiaFaXt+c70UCKIXfI0LCdBsT k19KaBjbyRJyb5u9qE2bQQBQETvz4iCTJ/lUj3GDVtnsjeoeQxzJx0AtzAgSyVL5 U+Gxnbt3JejhsCmkGfib =tcq7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Martin,
When Chris Schultz said I was asking multiple questions, I did apologize to him.
My knowledge of all this is limited as I'm new to it, so please don't make
sarcastic comments to a newbie, we all have to start somewhere and I thought
the purpose of this user list was to help everyone out, no matter their skill
level (or lack of).
Again I apologize to anyone who thinks I'm asking too many questions.
My last email (with actual issue related info) was in reply to Chris Schultz
asking me for the information.
I really do appreciate any help anyone can give me.
Thanks
Seema
From: mgai...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Tue, 18 Mar 2014 21:18:37 -0400
Seema-
You've asked about 10 different questions on 10 different aberrancies on your
upgrade
zip up the whole project up and stick it on driveway or any other free site
That way anyone building/running the code on TC7.0.52 can at least observe
same behaviour you are experiencing
Martin --
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Tue, 18 Mar 2014 14:10:19 +
Any update on this Chris Schultz or anyone else? I know the images I added
to the email didn't show up, so if you want me to email them directly to
you, I can.
Could really do with help on this, as it is not something I know much about.
Thanks
Seema
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Fri, 14 Mar 2014 15:15:04 +
Date: Fri, 14 Mar 2014 08:36:08 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Seema,
On 3/14/14, 7:53 AM, Seema Patel wrote:
I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
for my struts servlet jsp application. I have also removed all
JCIFS authentication from the WEB-INF/web.xml file and have tried
to do BASIC authentication through Tomcat and the AD (it
authenticates me, but not sure if I've missed anything out, as I've
never done this before).
One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
I have a doFilter function in my code, which contains
httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
1.5 version, this will work, as when I print
httpServletRequest.getServletPath() i get the following:
P1_00.do P5_0_0.do P5_0_1.do
But in Tomcat 7.0.52 Java 1.7 I get the following from
httpServletRequest.getServletPath() call:
P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
includes/P1_00.do
How are you printing this? Do you just have a Filter that wraps
everything and dumps-out the ServletPath for every request? Can you
post the code for that Filter as well as the filter and
filter-mapping configuration you have in web.xml?
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest = (HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName = httpRequest.getServletPath().replaceAll(/,);
System.out.println(Request Page = + httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session and redirect
to login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
MapString,LogicalOperation permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context);
permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
}
final LogicalOperation requiredOp =
permissions.get(pageName.replaceAll(\\.do,));
if (user.isOperationAllowed(requiredOp)) {
chain.doFilter(request, response);
} else {
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Any update on this Chris Schultz or anyone else? I know the images I added to
the email didn't show up, so if you want me to email them directly to you, I
can.
Could really do with help on this, as it is not something I know much about.
Thanks
Seema
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Fri, 14 Mar 2014 15:15:04 +
Date: Fri, 14 Mar 2014 08:36:08 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Seema,
On 3/14/14, 7:53 AM, Seema Patel wrote:
I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
for my struts servlet jsp application. I have also removed all
JCIFS authentication from the WEB-INF/web.xml file and have tried
to do BASIC authentication through Tomcat and the AD (it
authenticates me, but not sure if I've missed anything out, as I've
never done this before).
One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
I have a doFilter function in my code, which contains
httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
1.5 version, this will work, as when I print
httpServletRequest.getServletPath() i get the following:
P1_00.do P5_0_0.do P5_0_1.do
But in Tomcat 7.0.52 Java 1.7 I get the following from
httpServletRequest.getServletPath() call:
P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
includes/P1_00.do
How are you printing this? Do you just have a Filter that wraps
everything and dumps-out the ServletPath for every request? Can you
post the code for that Filter as well as the filter and
filter-mapping configuration you have in web.xml?
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest =
(HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName =
httpRequest.getServletPath().replaceAll(/,);
System.out.println(Request Page = +
httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session
and redirect to login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
MapString,LogicalOperation permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context);
permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
}
final LogicalOperation requiredOp =
permissions.get(pageName.replaceAll(\\.do,));
if (user.isOperationAllowed(requiredOp)) {
chain.doFilter(request, response);
} else {
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
}
}
}
}
To give you a better idea of what was in the web.xml, here is what's been
taken out:
filter
filter-nameNtlmHttpFilter/filter-name
filter-classjcifs.http.NtlmHttpFilter/filter-class
init-param
param-namejcifs.smb.client.soTimeout/param-name
param-value3/param-value
/init-param
!-- always needed for preauthentication / SMB signatures --
init-param
param-namejcifs.smb.client.domain/param-name
param-valueXXX.LOCAL/param-value
/init-param
!-- SMB message signing requires a valid existing login --
init-param
param-namejcifs.smb.client.username/param-name
param-valueusername/param-value
/init-param
init-param
param-namejcifs.smb.client.password/param-name
param
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Seema-
You've asked about 10 different questions on 10 different aberrancies on your
upgrade
zip up the whole project up and stick it on driveway or any other free site
That way anyone building/running the code on TC7.0.52 can at least observe
same behaviour you are experiencing
Martin --
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Tue, 18 Mar 2014 14:10:19 +
Any update on this Chris Schultz or anyone else? I know the images I added to
the email didn't show up, so if you want me to email them directly to you, I
can.
Could really do with help on this, as it is not something I know much about.
Thanks
Seema
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Fri, 14 Mar 2014 15:15:04 +
Date: Fri, 14 Mar 2014 08:36:08 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Seema,
On 3/14/14, 7:53 AM, Seema Patel wrote:
I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
for my struts servlet jsp application. I have also removed all
JCIFS authentication from the WEB-INF/web.xml file and have tried
to do BASIC authentication through Tomcat and the AD (it
authenticates me, but not sure if I've missed anything out, as I've
never done this before).
One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
I have a doFilter function in my code, which contains
httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
1.5 version, this will work, as when I print
httpServletRequest.getServletPath() i get the following:
P1_00.do P5_0_0.do P5_0_1.do
But in Tomcat 7.0.52 Java 1.7 I get the following from
httpServletRequest.getServletPath() call:
P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
includes/P1_00.do
How are you printing this? Do you just have a Filter that wraps
everything and dumps-out the ServletPath for every request? Can you
post the code for that Filter as well as the filter and
filter-mapping configuration you have in web.xml?
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest = (HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName = httpRequest.getServletPath().replaceAll(/,);
System.out.println(Request Page = + httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session and redirect to
login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
MapString,LogicalOperation permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context);
permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
}
final LogicalOperation requiredOp =
permissions.get(pageName.replaceAll(\\.do,));
if (user.isOperationAllowed(requiredOp)) {
chain.doFilter(request, response);
} else {
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
}
}
}
}
To give you a better idea of what was in the web.xml, here is what's been
taken out:
filter
filter-nameNtlmHttpFilter/filter-name
filter-classjcifs.http.NtlmHttpFilter/filter-class
init-param
param-namejcifs.smb.client.soTimeout/param-name
param-value3/param-value
/init-param
!-- always needed for preauthentication / SMB signatures --
init-param
param-namejcifs.smb.client.domain/param-name
param-valueXXX.LOCAL/param-value
/init-param
!-- SMB message signing requires a valid existing login --
init-param
param-namejcifs.smb.client.username/param-name
param-valueusername/param-value
/init-param
init-param
param-namejcifs.smb.client.password/param-name
param-valuepassword/param-value
/init-param
!-- Set the logging level --
init-param
param
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
From: seema...@hotmail.com
To: users@tomcat.apache.org
Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Fri, 14 Mar 2014 15:15:04 +
Date: Fri, 14 Mar 2014 08:36:08 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Seema,
On 3/14/14, 7:53 AM, Seema Patel wrote:
I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
for my struts servlet jsp application. I have also removed all
JCIFS authentication from the WEB-INF/web.xml file and have tried
to do BASIC authentication through Tomcat and the AD (it
authenticates me, but not sure if I've missed anything out, as I've
never done this before).
One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
I have a doFilter function in my code, which contains
httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
1.5 version, this will work, as when I print
httpServletRequest.getServletPath() i get the following:
P1_00.do P5_0_0.do P5_0_1.do
But in Tomcat 7.0.52 Java 1.7 I get the following from
httpServletRequest.getServletPath() call:
P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
includes/P1_00.do
How are you printing this? Do you just have a Filter that wraps
everything and dumps-out the ServletPath for every request? Can you
post the code for that Filter as well as the filter and
filter-mapping configuration you have in web.xml?
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest =
(HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName =
httpRequest.getServletPath().replaceAll(/,);
System.out.println(Request Page = +
httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session
and redirect to login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
MapString,LogicalOperation permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context);
permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
}
final LogicalOperation requiredOp =
permissions.get(pageName.replaceAll(\\.do,));
if (user.isOperationAllowed(requiredOp)) {
chain.doFilter(request, response);
} else {
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
}
}
}
}
To give you a better idea of what was in the web.xml, here is what's been
taken out:
filter
filter-nameNtlmHttpFilter/filter-name
filter-classjcifs.http.NtlmHttpFilter/filter-class
init-param
param-namejcifs.smb.client.soTimeout/param-name
param-value3/param-value
/init-param
!-- always needed for preauthentication / SMB signatures --
init-param
param-namejcifs.smb.client.domain/param-name
param-valueXXX.LOCAL/param-value
/init-param
!-- SMB message signing requires a valid existing login --
init-param
param-namejcifs.smb.client.username/param-name
param-valueusername/param-value
/init-param
init-param
param-namejcifs.smb.client.password/param-name
param-valuepassword/param-value
/init-param
!-- Set the logging level --
init-param
param-namejcifs.util.loglevel/param-name
param-value2/param-value
/init-param
!-- allow non-IE browsers
Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Seema, On 3/14/14, 7:53 AM, Seema Patel wrote: I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7) for my struts servlet jsp application. I have also removed all JCIFS authentication from the WEB-INF/web.xml file and have tried to do BASIC authentication through Tomcat and the AD (it authenticates me, but not sure if I've missed anything out, as I've never done this before). One question at a time, please ;) I have a doFilter function in my code, which contains httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java 1.5 version, this will work, as when I print httpServletRequest.getServletPath() i get the following: P1_00.do P5_0_0.do P5_0_1.do But in Tomcat 7.0.52 Java 1.7 I get the following from httpServletRequest.getServletPath() call: P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp includes/P1_00.do How are you printing this? Do you just have a Filter that wraps everything and dumps-out the ServletPath for every request? Can you post the code for that Filter as well as the filter and filter-mapping configuration you have in web.xml? This is for the same page I'm calling. I would like to know if something has changed in the way Tomcat 7.0.52 handles this call from the way it used to in 5.5.29. I'm trying to eliminate either Tomcat or Java from this issue, as nothing else has been changed besides the upgrade of these two (except for WEB-INF/web.xml, which may also be the cause, if so, is this something that this group could help me with?). The servlet spec has changed slightly in the intervening versions. It may depend upon your configuration that I requested above. Are you having a specific problem, or are you just wondering why you are seeing more output? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTIve2AAoJEBzwKT+lPKRYGO8QAJBevD64cmJWvC6D9qjCXnwm qlhfOIySRsmBIz6PPXyH1k2+H3YkRJEsTAiqdsGZ+WASc8tDQvPFrC3wyZB6p3ft n2lNYYEMhBid39ahrFv+RlgKOsTd3enHiLeiVdD1wuub/P4fj3yEkR0+aM+CoSrl n06SgLAU4CN9qrYi+nTx4tvlzCElEjbWVkw/PJgKJGB9x4uM5eueZXdri8ymDiLI a/eaZA5PW4jow+xXLgoBsPSVsrggjUjPdsvz7byMF324Syin73xrjm4WNkWchLD0 e8R8u6Ozew/e3uTTiyGh9WHTacNPAKb0er8jAIwYXTddqxYbnnbnFGAyc5jmLtmp QAgn2xW1SRYJiQu7cuBOCO5uJY6uOkSYpj2NKYNMuCKi8MMaKp9XYY/D/CLNjvFP YQhHySdwaPsjEprmU/IfMt+3uzRn6TFKsDBJA7LA8Jotv64kobohjkoTk6A6ihPJ mGBOPQtdUw4kYSbq0ETSqcUnW2vM5V3VaaouL5+jmKIwjtbyN48rh8OKO6qz2gaR mpLy3Zgu4KGCAEsIEuTjs0D6fHDpmSzsm03Ai1glHXrIZG6mRSU7J2z3XtlACsWO bcRzOBCLOfxCBUYUD6PKqcOW0D0sfWfoQqTxqqTbb1mJkH/9I7zRZjTH/Gl+jxQ4 fh3XbIAaQ5WNR3BQHWOW =cBU1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
Date: Fri, 14 Mar 2014 08:36:08 -0400
From: ch...@christopherschultz.net
To: users@tomcat.apache.org
Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Seema,
On 3/14/14, 7:53 AM, Seema Patel wrote:
I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
for my struts servlet jsp application. I have also removed all
JCIFS authentication from the WEB-INF/web.xml file and have tried
to do BASIC authentication through Tomcat and the AD (it
authenticates me, but not sure if I've missed anything out, as I've
never done this before).
One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
I have a doFilter function in my code, which contains
httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
1.5 version, this will work, as when I print
httpServletRequest.getServletPath() i get the following:
P1_00.do P5_0_0.do P5_0_1.do
But in Tomcat 7.0.52 Java 1.7 I get the following from
httpServletRequest.getServletPath() call:
P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
includes/P1_00.do
How are you printing this? Do you just have a Filter that wraps
everything and dumps-out the ServletPath for every request? Can you
post the code for that Filter as well as the filter and
filter-mapping configuration you have in web.xml?
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest = (HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName =
httpRequest.getServletPath().replaceAll(/,);
System.out.println(Request Page = +
httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session and
redirect to login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
MapString,LogicalOperation permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context);
permissions =
(MapString,LogicalOperation)context.getAttribute(GenConstants.PERMISSIONS_MAP);
}
final LogicalOperation requiredOp =
permissions.get(pageName.replaceAll(\\.do,));
if (user.isOperationAllowed(requiredOp)) {
chain.doFilter(request, response);
} else {
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
}
}
}
}
To give you a better idea of what was in the web.xml, here is what's been taken
out:
filter
filter-nameNtlmHttpFilter/filter-name
filter-classjcifs.http.NtlmHttpFilter/filter-class
init-param
param-namejcifs.smb.client.soTimeout/param-name
param-value3/param-value
/init-param
!-- always needed for preauthentication / SMB signatures --
init-param
param-namejcifs.smb.client.domain/param-name
param-valueXXX.LOCAL/param-value
/init-param
!-- SMB message signing requires a valid existing login --
init-param
param-namejcifs.smb.client.username/param-name
param-valueusername/param-value
/init-param
init-param
param-namejcifs.smb.client.password/param-name
param-valuepassword/param-value
/init-param
!-- Set the logging level --
init-param
param-namejcifs.util.loglevel/param-name
param-value2/param-value
/init-param
!-- allow non-IE browsers to use basic auth --
init-param
param-namejcifs.http.insecureBasic/param-name
param-valuetrue/param-value
/init-param
/filter
filter-mapping
filter-nameNtlmHttpFilter/filter-name
url-pattern*.do/url-pattern
/filter
