Re: Redirection/URL rewriting Tomcat 8.5.14
Hi Chris, 2017-05-12 13:31 GMT-04:00 Christopher Schultz: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Daniel, > > On 5/12/17 10:03 AM, Daniel Savard wrote: > > Hi everyone, > > > > my question is not specific to the Tomcat version specified in the > > subject line. I am trying to implement a URL rewrite or > > redirection using Tomcat. What I want to do is the following: > > > > In a given instance of Tomcat, I have each application context > > setup using the xml files in > > $CATALINA_BASE/conf/[enginename]/[hostname]/, so far so good. Hence > > for app1 I then have the URL: > https://myserver:myport/app1, etc. > > > > What I need to do, is to have a dummy application which purpose is > > just to redirect/rewrite the URL from one application to another. > > So, I need in fact an empty application capturing each request and > > send back to the browser a rewritten URL to the another > > application. > > > > For example, suppose I want to redirect app1 to app2, I need to > rewrite all > > possible URL with query options and so one replacing only app1 by > > app2 in the URL. > > > > https://myserver:myport/app1/something_more_specific?opt1 should be > > rewritten as > > https://myserver:myport/app2/something_more_specific?opt1 > > > > To do this, I read about the rewrite valve here: > > http://tomcat.apache.org/tomcat-8.5-doc/rewrite.html > > > > So, I created an empty directory $CATALINA_BASE/webapps/app1 with > > the following file: > > > > $CATALINA_BASE/webapps/app1/WEB-INF/rewrite.config > > > > And my $CATALINA_BASE/conf/[enginename]/[hostname]/app1.xml has the > > following entry within its context: > > > > > className="org.apache.catalina.valves.rewrite.RewriteValve"/> > > > > My rewrite.config file is as follow: > > > > RewriteCond %{REQUEST_URI} ^/app1/?.* RewriteRule ^/app1(/?.*)$ > > /app2$1 [L] > > > > Without anything else, I am getting a HTTP 404 code. With an empty > > index.html I am getting a blank page. Within a working application > > I am getting the application's welcome page. But never the URL is > rewritten. The > > rewrite.config file is actually read, I checked by introducing > > some typo and I am getting an error message at startup. > > > > Is there a way to debug this problem? How can I see what is going > > on with the execution of the rewriting class? > > I think everything you have above is correct, except that you want to > deploy everything in the ROOT application instead of into "app1". With > "app1", you are re-writing "/app1/app1" to "/app1/app2" when in fact you > want to rewrite "/app1" to "/app2", correct? > > Also, it's important that /app1 not be a deployed application, otherwise > requests to that context path with be sent to the /app1 application > instead of to the ROOT webapp. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJZFfGGAAoJEBzwKT+lPKRYlfsQAK9+rFzKtrrPS73Ma9VDclkn > Lr3oG65TdKPhwVEtQlQoxLggX3GLiepImPzjY52rnMhxCZj+tt5n/fCkqVzEPnIp > /NNgz/nX/GWqYjU11V58Azh2GRrjBqCJmesawxB/Y5+2NjcW6PrXJNje5PBmkbjs > QkI5ftAYih7zxWQ4yASJfYwOmmjPpdNfyEM0IR/qkh/VnTz5bVu0/EgeOOK0/Dny > EsK+3ptm+gdTNVt9jqwEnhWx5tsgpanhTycyyagwROT2A7NaldIi7xARPW3ZlSSF > 0ncvQ8Z3G0KolBsGsDVyNgNv+bF38sfxOaN7xyp9GXFJVX5hKfRFBphiWPl+jjzz > mwPcA3MsqDM3fQ4hMTAffmnUAj786pTZ6MCjDnumFjnQZB0zXASEpfI4G9f3+dKM > fiVdjUQxgrXlUl6wcqBGUidN5PDb+akY8w9xNDl3PvBjrXfFIIfttLgGmxF5cej6 > dkvLqZoitIDzt8dOkWSns3UdK+fq3a1Hjw1BOPlvnvKbnhz2QXrxua6WMDQapohs > JUUkAR3sujPUs/Tgjq5SiIEBe9sbwQTysNgtw9MzFUmAB7D87cCt0zI8dCbaL54Z > iYUI0+IDVG7rc7+TwFeRo+ok96qMK1IKCiZt/8pe/097WcWMQq9FeYpGAg4YgZYo > bwhJFBohEZeuwZCwhN9F > =J7pC > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > Thanks for the tip. I am almost there. Actually, moving everything in ROOT solved at least the actual execution of the rewriting. However, it didn't solve entirely my problem. If I access the URL: https://myhost/app1 in my browser the URL is actually rewritten to https://myhost/app2 and access the index.html, etc. This is fine. However, if I try to access the URL: https://myhost/app1/ in my browser the URL is NOT rewritten even if the actual application is properly accessed. I really need the URL to be sent back to the browser. The same thing happens if something follows the first part of the URI /app1/something will lead to /app1/something instead of /app2/something. The reason I am struggling with this and need this behavior is because a commercial application we are running here is having a new version where some files kept the same name as the older version, but the content is not the same (typically icons, logos and pictures) and in the previous version, they were marked to not expired in the
Re: Redirection/URL rewriting Tomcat 8.5.14
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 5/12/17 10:03 AM, Daniel Savard wrote: > Hi everyone, > > my question is not specific to the Tomcat version specified in the > subject line. I am trying to implement a URL rewrite or > redirection using Tomcat. What I want to do is the following: > > In a given instance of Tomcat, I have each application context > setup using the xml files in > $CATALINA_BASE/conf/[enginename]/[hostname]/, so far so good. Hence > for app1 I then have the URL: https://myserver:myport/app1, etc. > > What I need to do, is to have a dummy application which purpose is > just to redirect/rewrite the URL from one application to another. > So, I need in fact an empty application capturing each request and > send back to the browser a rewritten URL to the another > application. > > For example, suppose I want to redirect app1 to app2, I need to rewrite all > possible URL with query options and so one replacing only app1 by > app2 in the URL. > > https://myserver:myport/app1/something_more_specific?opt1 should be > rewritten as > https://myserver:myport/app2/something_more_specific?opt1 > > To do this, I read about the rewrite valve here: > http://tomcat.apache.org/tomcat-8.5-doc/rewrite.html > > So, I created an empty directory $CATALINA_BASE/webapps/app1 with > the following file: > > $CATALINA_BASE/webapps/app1/WEB-INF/rewrite.config > > And my $CATALINA_BASE/conf/[enginename]/[hostname]/app1.xml has the > following entry within its context: > > className="org.apache.catalina.valves.rewrite.RewriteValve"/> > > My rewrite.config file is as follow: > > RewriteCond %{REQUEST_URI} ^/app1/?.* RewriteRule ^/app1(/?.*)$ > /app2$1 [L] > > Without anything else, I am getting a HTTP 404 code. With an empty > index.html I am getting a blank page. Within a working application > I am getting the application's welcome page. But never the URL is rewritten. The > rewrite.config file is actually read, I checked by introducing > some typo and I am getting an error message at startup. > > Is there a way to debug this problem? How can I see what is going > on with the execution of the rewriting class? I think everything you have above is correct, except that you want to deploy everything in the ROOT application instead of into "app1". With "app1", you are re-writing "/app1/app1" to "/app1/app2" when in fact you want to rewrite "/app1" to "/app2", correct? Also, it's important that /app1 not be a deployed application, otherwise requests to that context path with be sent to the /app1 application instead of to the ROOT webapp. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZFfGGAAoJEBzwKT+lPKRYlfsQAK9+rFzKtrrPS73Ma9VDclkn Lr3oG65TdKPhwVEtQlQoxLggX3GLiepImPzjY52rnMhxCZj+tt5n/fCkqVzEPnIp /NNgz/nX/GWqYjU11V58Azh2GRrjBqCJmesawxB/Y5+2NjcW6PrXJNje5PBmkbjs QkI5ftAYih7zxWQ4yASJfYwOmmjPpdNfyEM0IR/qkh/VnTz5bVu0/EgeOOK0/Dny EsK+3ptm+gdTNVt9jqwEnhWx5tsgpanhTycyyagwROT2A7NaldIi7xARPW3ZlSSF 0ncvQ8Z3G0KolBsGsDVyNgNv+bF38sfxOaN7xyp9GXFJVX5hKfRFBphiWPl+jjzz mwPcA3MsqDM3fQ4hMTAffmnUAj786pTZ6MCjDnumFjnQZB0zXASEpfI4G9f3+dKM fiVdjUQxgrXlUl6wcqBGUidN5PDb+akY8w9xNDl3PvBjrXfFIIfttLgGmxF5cej6 dkvLqZoitIDzt8dOkWSns3UdK+fq3a1Hjw1BOPlvnvKbnhz2QXrxua6WMDQapohs JUUkAR3sujPUs/Tgjq5SiIEBe9sbwQTysNgtw9MzFUmAB7D87cCt0zI8dCbaL54Z iYUI0+IDVG7rc7+TwFeRo+ok96qMK1IKCiZt/8pe/097WcWMQq9FeYpGAg4YgZYo bwhJFBohEZeuwZCwhN9F =J7pC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Redirection/URL rewriting Tomcat 8.5.14
Hi everyone, my question is not specific to the Tomcat version specified in the subject line. I am trying to implement a URL rewrite or redirection using Tomcat. What I want to do is the following: In a given instance of Tomcat, I have each application context setup using the xml files in $CATALINA_BASE/conf/[enginename]/[hostname]/, so far so good. Hence for app1 I then have the URL: https://myserver:myport/app1, etc. What I need to do, is to have a dummy application which purpose is just to redirect/rewrite the URL from one application to another. So, I need in fact an empty application capturing each request and send back to the browser a rewritten URL to the another application. For example, suppose I want to redirect app1 to app2, I need to rewrite all possible URL with query options and so one replacing only app1 by app2 in the URL. https://myserver:myport/app1/something_more_specific?opt1 should be rewritten as https://myserver:myport/app2/something_more_specific?opt1 To do this, I read about the rewrite valve here: http://tomcat.apache.org/tomcat-8.5-doc/rewrite.html So, I created an empty directory $CATALINA_BASE/webapps/app1 with the following file: $CATALINA_BASE/webapps/app1/WEB-INF/rewrite.config And my $CATALINA_BASE/conf/[enginename]/[hostname]/app1.xml has the following entry within its context: My rewrite.config file is as follow: RewriteCond %{REQUEST_URI} ^/app1/?.* RewriteRule ^/app1(/?.*)$ /app2$1 [L] Without anything else, I am getting a HTTP 404 code. With an empty index.html I am getting a blank page. Within a working application I am getting the application's welcome page. But never the URL is rewritten. The rewrite.config file is actually read, I checked by introducing some typo and I am getting an error message at startup. Is there a way to debug this problem? How can I see what is going on with the execution of the rewriting class? Regards, - Daniel Savard
Re: URL Rewriting
Why are you so eager to remove the ids from the URL? Thanks Chris for reply,It was looking ugly thats the reason.Anyways, now that I have fixed most of gaps, I think I should be fine with this. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
Andre, I am a big fan of yours with the way you explain the things in neat way.Being a moderator/owner of some of large lists of my profession for close to 8 years now I rarely had this kind of patience to write so much and so neat. BTW For the time being, I would prefer to keep this thread on hold though point d is something I can experiment with. Give me sometime to think about to redesign this piece of code. On 6/15/2012 3:53 AM, André Warnier wrote: Kiran Badi wrote: Please inline for my answers Andre. Kiran, Why does that id=17 visible in the URL bother you ? Is it because of some security aspect ? (that the user could change it, and get something else than what they should be getting ?) Thanks for reminding this aspect.I was not checking for empty resultset in my code.Fixed that one now.:) 1) If that is the case, then the basic logic of your application is flawed. If this is information that really needs to be sent by the browser to the server, then the browser must have that information. And if that information originally comes from the server and is sent to the browser, then there is /nothing/ that you can do to block some user from playing around with it, before sending it back to the server. If you do not want the user to be able to play around with some information, then don't send it to him in the first place. O Ok let me share the way I wrote this piece, href=%=request.getContextPath()%/getmyservice.do?id=${myid} , this is link basically where I append the id(id comes from DB) send this to the servlet and it the pulls the records from db for corresponding id and then sends it back again to JSP for display.But I am not able to figure out as why I not getting the url of jsp something like http://localhost:8080/ourstory/myiddata.jsp .So thought that let me try to rewrite the url in case if its possible. 2) if the browser /must/ send some information to the server as part of the URL, then there is /nothing/ that can be done on the server side, to stop the browser showing this information in the URL bar. To illustrate this : - imagine that the server sends a page to the browser, and this page contains a link like : a href=http://localhost:8080/mysite/getmyservice.do?id=my-very-secret-information;click here/a Then the user, just by moving his mouse above click here, sees the content of that link at the bottom of his screen, in the status bar, right ? And the user can right-click on click here, and choose copy link location. And then the user can open another browser window, and paste this URL in the URL bar. And then the user can modify this link before hitting the return button, so that the link now looks like http://localhost:8080/mysite/getmyservice.do?id=some-other-information right ? And all this happens in the browser, /before/ the server even sees this browser request. So what could the server do ? This is interesting information,how about sending the info as POST rather than Get.Not sure if I can convert clicking of the link from get from post.but I will try.But again the place where I am displaying the generating the links, is not within form, they just hyperlinks with id appended to it. Now I know both get/post can be broken if one wants it,thats all together is different case,but for now I need tidy and clean url with no id appended to it. Does my requirement makes sense ? Since you ask it that way, the answer would be no. Step 1 : the browser contacts the server via a request with some URL (doesn't really mater which one at this stage, but in this first step there is no id yet). Step 2 : the server does something with that request, and returns some response to the browser. In this response, somewhere, the id to use in step 3 must be mentioned, or some other way to retrieve the id. Step 3 : the browser sends another request to the server, in which this id parameter must be included (or some other way for the server to retrieve the correct id). Step 4 : the server receives this second request, retrieves the id, and does something useful with it. Now, at step 3, if the browser must include this id value in the request, it must include it somewhere. This somewhere can be : a) in the URL of a hyperlink. In that case, the user will see the id parameter in the hyperlink, and in the browser URL bar when the user clicks the hyperlink. b) in the body of the request. In this case, the user would not see the id parameter in the URL at step 3. But it also means that the request in step 3 must be a POST request. That is typically done with a form method=POST action=/the/url/to/which/this/is/posted ... input type=hidden name=id value=my-id-value / ... /form You cannot do that with a simple hyperlink. Clicking a hyperlink sends a GET request, not a POST request. And GET requests do not have a body. It also means that the server, at step 2, must compose and send this html page to the browser, with the
Re: URL Rewriting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kiran, On 6/13/12 12:16 AM, Kiran Badi wrote: I have bunch of functionalities which are showing up with urls as http://localhost:8080/mysite/getmyservice.do?id=17 and I just need to hide them and show some neat url something like mysite/getmyservice.do without displaying parameters. You need to send the id somehow: your options are GET (with 'id' in the URL), POST (with 'id' in the POST body) or using something like Javascript to communicate with the server so that the URL doesn't show anything. Will hiding the url's cause any other issues ? The downside to using POST is that pages cannot be (easily) bookmarked by your users, and using the BACK button on the client becomes a miserable user experience. Why are you so eager to remove the ids from the URL? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/aMvEACgkQ9CaO5/Lv0PDTYACeKB4E2nw3+EqrtwTMIxpIDE/w Rl0An0nV8HNxyT7O8+H4Nrw9PJ+J0m48 =T1zH -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
Kiran Badi wrote: Please inline for my answers Andre. Kiran, Why does that id=17 visible in the URL bother you ? Is it because of some security aspect ? (that the user could change it, and get something else than what they should be getting ?) Thanks for reminding this aspect.I was not checking for empty resultset in my code.Fixed that one now.:) 1) If that is the case, then the basic logic of your application is flawed. If this is information that really needs to be sent by the browser to the server, then the browser must have that information. And if that information originally comes from the server and is sent to the browser, then there is /nothing/ that you can do to block some user from playing around with it, before sending it back to the server. If you do not want the user to be able to play around with some information, then don't send it to him in the first place. O Ok let me share the way I wrote this piece, href=%=request.getContextPath()%/getmyservice.do?id=${myid} , this is link basically where I append the id(id comes from DB) send this to the servlet and it the pulls the records from db for corresponding id and then sends it back again to JSP for display.But I am not able to figure out as why I not getting the url of jsp something like http://localhost:8080/ourstory/myiddata.jsp .So thought that let me try to rewrite the url in case if its possible. 2) if the browser /must/ send some information to the server as part of the URL, then there is /nothing/ that can be done on the server side, to stop the browser showing this information in the URL bar. To illustrate this : - imagine that the server sends a page to the browser, and this page contains a link like : a href=http://localhost:8080/mysite/getmyservice.do?id=my-very-secret-information;click here/a Then the user, just by moving his mouse above click here, sees the content of that link at the bottom of his screen, in the status bar, right ? And the user can right-click on click here, and choose copy link location. And then the user can open another browser window, and paste this URL in the URL bar. And then the user can modify this link before hitting the return button, so that the link now looks like http://localhost:8080/mysite/getmyservice.do?id=some-other-information right ? And all this happens in the browser, /before/ the server even sees this browser request. So what could the server do ? This is interesting information,how about sending the info as POST rather than Get.Not sure if I can convert clicking of the link from get from post.but I will try.But again the place where I am displaying the generating the links, is not within form, they just hyperlinks with id appended to it. Now I know both get/post can be broken if one wants it,thats all together is different case,but for now I need tidy and clean url with no id appended to it. Does my requirement makes sense ? Since you ask it that way, the answer would be no. Step 1 : the browser contacts the server via a request with some URL (doesn't really mater which one at this stage, but in this first step there is no id yet). Step 2 : the server does something with that request, and returns some response to the browser. In this response, somewhere, the id to use in step 3 must be mentioned, or some other way to retrieve the id. Step 3 : the browser sends another request to the server, in which this id parameter must be included (or some other way for the server to retrieve the correct id). Step 4 : the server receives this second request, retrieves the id, and does something useful with it. Now, at step 3, if the browser must include this id value in the request, it must include it somewhere. This somewhere can be : a) in the URL of a hyperlink. In that case, the user will see the id parameter in the hyperlink, and in the browser URL bar when the user clicks the hyperlink. b) in the body of the request. In this case, the user would not see the id parameter in the URL at step 3. But it also means that the request in step 3 must be a POST request. That is typically done with a form method=POST action=/the/url/to/which/this/is/posted ... input type=hidden name=id value=my-id-value / ... /form You cannot do that with a simple hyperlink. Clicking a hyperlink sends a GET request, not a POST request. And GET requests do not have a body. It also means that the server, at step 2, must compose and send this html page to the browser, with the form in it, and the hidden id parameter. It also means that the user can, after step 2, do a view page source, and see the hidden id value. The user can also save this page to a disk file, edit it to change the hidden value, then recall this file in the browser, and press the submit button. c) at step 2, the server could send the id parameter inside an encrypted cookie. At step 3, the browser would send this cookie back to the server. The application on the server
Re: URL Rewriting
Kiran Badi wrote: Hi All, For some of the functionality, I have url in the below format http://localhost:8080/mysite/getmyservice.do?id=17 What I was looking for is to hide the id part of the url and just show something like http://localhost:8080/mysite/getmyservice.do# Is this hack possible with tomcat 7.011 or 7.027 or I need to write some filter to do this? I have Tomcat 7.027 on win 7 home premium and url is generated via servlet/jsp. Kiran, Why does that id=17 visible in the URL bother you ? Is it because of some security aspect ? (that the user could change it, and get something else than what they should be getting ?) 1) If that is the case, then the basic logic of your application is flawed. If this is information that really needs to be sent by the browser to the server, then the browser must have that information. And if that information originally comes from the server and is sent to the browser, then there is /nothing/ that you can do to block some user from playing around with it, before sending it back to the server. If you do not want the user to be able to play around with some information, then don't send it to him in the first place. 2) if the browser /must/ send some information to the server as part of the URL, then there is /nothing/ that can be done on the server side, to stop the browser showing this information in the URL bar. To illustrate this : - imagine that the server sends a page to the browser, and this page contains a link like : a href=http://localhost:8080/mysite/getmyservice.do?id=my-very-secret-information;click here/a Then the user, just by moving his mouse above click here, sees the content of that link at the bottom of his screen, in the status bar, right ? And the user can right-click on click here, and choose copy link location. And then the user can open another browser window, and paste this URL in the URL bar. And then the user can modify this link before hitting the return button, so that the link now looks like http://localhost:8080/mysite/getmyservice.do?id=some-other-information right ? And all this happens in the browser, /before/ the server even sees this browser request. So what could the server do ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
Please inline for my answers Andre. Kiran, Why does that id=17 visible in the URL bother you ? Is it because of some security aspect ? (that the user could change it, and get something else than what they should be getting ?) Thanks for reminding this aspect.I was not checking for empty resultset in my code.Fixed that one now.:) 1) If that is the case, then the basic logic of your application is flawed. If this is information that really needs to be sent by the browser to the server, then the browser must have that information. And if that information originally comes from the server and is sent to the browser, then there is /nothing/ that you can do to block some user from playing around with it, before sending it back to the server. If you do not want the user to be able to play around with some information, then don't send it to him in the first place. O Ok let me share the way I wrote this piece, href=%=request.getContextPath()%/getmyservice.do?id=${myid} , this is link basically where I append the id(id comes from DB) send this to the servlet and it the pulls the records from db for corresponding id and then sends it back again to JSP for display.But I am not able to figure out as why I not getting the url of jsp something like http://localhost:8080/ourstory/myiddata.jsp .So thought that let me try to rewrite the url in case if its possible. 2) if the browser /must/ send some information to the server as part of the URL, then there is /nothing/ that can be done on the server side, to stop the browser showing this information in the URL bar. To illustrate this : - imagine that the server sends a page to the browser, and this page contains a link like : a href=http://localhost:8080/mysite/getmyservice.do?id=my-very-secret-information;click here/a Then the user, just by moving his mouse above click here, sees the content of that link at the bottom of his screen, in the status bar, right ? And the user can right-click on click here, and choose copy link location. And then the user can open another browser window, and paste this URL in the URL bar. And then the user can modify this link before hitting the return button, so that the link now looks like http://localhost:8080/mysite/getmyservice.do?id=some-other-information right ? And all this happens in the browser, /before/ the server even sees this browser request. So what could the server do ? This is interesting information,how about sending the info as POST rather than Get.Not sure if I can convert clicking of the link from get from post.but I will try.But again the place where I am displaying the generating the links, is not within form, they just hyperlinks with id appended to it. Now I know both get/post can be broken if one wants it,thats all together is different case,but for now I need tidy and clean url with no id appended to it. Does my requirement makes sense ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
On Wed, Jun 13, 2012 at 11:12 AM, Kiran Badi ki...@poonam.org wrote: why I not getting the url of jsp something like http://localhost:8080/ourstory/myiddata.jsp If you want 'clean' URLs you should get rid of the '.jsp' too, but ... The bottom line is the value for 'id' needs to come from somewhere. Your choices are: 1) Embed it in the URL for GET requests, either via query string or as path info (e.g. /story/data/17 ) and handle the security aspect (if any) yourself 2) Use a form to POST the request with the id included (a bit clunky, same security issue) 3) Save the 'id' in session and use that -- everyone sees the same URL e.g. /story/data but with unique data. Obviously, this doesn't work for a resource that's intended to be shared :-) HTH, -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
Thanks Hassan. If you want 'clean' URLs you should get rid of the '.jsp' too, but ... The bottom line is the value for 'id' needs to come from somewhere. Your choices are: 1) Embed it in the URL for GET requests, either via query string or as path info (e.g. /story/data/17 ) and handle the security aspect (if any) yourself Kiran : I think this is what I am presently doing. 2) Use a form to POST the request with the id included (a bit clunky, same security issue) Form will not work as data is dynamic and form I feel will not serve the purpose. 3) Save the 'id' in session and use that -- everyone sees the same URL e.g. /story/data but with unique data. Obviously, this doesn't work for a resource that's intended to be shared :-) Yup I agree, session is ruled out.I just dont have that much patience to figure the things out if I get some nasty behavior.I just dont have that level of skill nor time. The way I have done this is ok for me, it serves my purpose and also I dont have the data which is kind of private.Its just that I was exploring if we can hide the id. HTH, - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
On Wed, Jun 13, 2012 at 2:34 PM, Kiran Badi ki...@poonam.org wrote: 1) Embed it in the URL for GET requests, either via query string or as path info (e.g. /story/data/17 ) I think this is what I am presently doing. The query string approach, yes; personally I think the pathinfo approach is cleaner visually. 2) Use a form to POST the request with the id included (a bit clunky, same security issue) Form will not work as data is dynamic and form I feel will not serve the purpose. The data being dynamic isn't relevant. And this approach *is* used by frameworks like Rails for cases where GET isn't appropriate. But each approach has advantages and disadvantages, so... -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
URL Rewriting
Hi All, For some of the functionality, I have url in the below format http://localhost:8080/mysite/getmyservice.do?id=17 What I was looking for is to hide the id part of the url and just show something like http://localhost:8080/mysite/getmyservice.do# Is this hack possible with tomcat 7.011 or 7.027 or I need to write some filter to do this? I have Tomcat 7.027 on win 7 home premium and url is generated via servlet/jsp. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
There is a handy URL rewrite filter already built. http://www.tuckey.org/urlrewrite/ You can hide the ID if you post the form but you need to be a bit more specific with what you want to do Oz On 13/06/2012, at 1:21 PM, Kiran Badi wrote: Hi All, For some of the functionality, I have url in the below format http://localhost:8080/mysite/getmyservice.do?id=17 What I was looking for is to hide the id part of the url and just show something like http://localhost:8080/mysite/getmyservice.do# Is this hack possible with tomcat 7.011 or 7.027 or I need to write some filter to do this? I have Tomcat 7.027 on win 7 home premium and url is generated via servlet/jsp. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
On 6/13/2012 9:18 AM, Oguz Kologlu wrote: There is a handy URL rewrite filter already built. http://www.tuckey.org/urlrewrite/ You can hide the ID if you post the form but you need to be a bit more specific with what you want to do Oz Thanks Oguz, I have bunch of functionalities which are showing up with urls as http://localhost:8080/mysite/getmyservice.do?id=17 and I just need to hide them and show some neat url something like mysite/getmyservice.do without displaying parameters. Will hiding the url's cause any other issues ? - Kiran On 13/06/2012, at 1:21 PM, Kiran Badi wrote: Hi All, For some of the functionality, I have url in the below format http://localhost:8080/mysite/getmyservice.do?id=17 What I was looking for is to hide the id part of the url and just show something like http://localhost:8080/mysite/getmyservice.do# Is this hack possible with tomcat 7.011 or 7.027 or I need to write some filter to do this? I have Tomcat 7.027 on win 7 home premium and url is generated via servlet/jsp. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: URL Rewriting
Kiren You'll need to pass in the id somehow. Maybe something like: /mysite/service/17 and use the URL rewrite filter to map it to /mysite/getmyservice.do?id=17 Have a look at the doco for more info Should not cause any other issues. Oz On 13/06/2012, at 2:16 PM, Kiran Badi wrote: On 6/13/2012 9:18 AM, Oguz Kologlu wrote: There is a handy URL rewrite filter already built. http://www.tuckey.org/urlrewrite/ You can hide the ID if you post the form but you need to be a bit more specific with what you want to do Oz Thanks Oguz, I have bunch of functionalities which are showing up with urls as http://localhost:8080/mysite/getmyservice.do?id=17 and I just need to hide them and show some neat url something like mysite/getmyservice.do without displaying parameters. Will hiding the url's cause any other issues ? - Kiran On 13/06/2012, at 1:21 PM, Kiran Badi wrote: Hi All, For some of the functionality, I have url in the below format http://localhost:8080/mysite/getmyservice.do?id=17 What I was looking for is to hide the id part of the url and just show something like http://localhost:8080/mysite/getmyservice.do# Is this hack possible with tomcat 7.011 or 7.027 or I need to write some filter to do this? I have Tomcat 7.027 on win 7 home premium and url is generated via servlet/jsp. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casper, On 2/10/12 2:20 AM, Casper Wandahl Schmidt wrote: Well at least I don't have to restart tomcat for the changes to take effect :) Maybe I would take some time to look at how tomcat reads from server.xml and how the host-manager works and perhaps find a way to persist the changes :) Any clues as to where to look for that part of the code? The host manager webapp is in the main part of the TC code, but it's all contained in a single package: org/apache/catalina/manager/host. It's 3 classes, one of which looks like it's nothing but constants. It should be fairly clear how the host manager is doing its work, but re-writing XML is a risky business because most people don't like to lose the comments and spacing, etc. that they have explicitly put into their configuration files. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk81PJEACgkQ9CaO5/Lv0PD07gCfYsVGZfu+YqUiRrnFXx4eZBzs IOAAoJxFIoUnjuY8gTAx/brXxZkpaIEq =xMt0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
On 10 Feb 2012, at 07:21, Casper Wandahl Schmidt kalle.pri...@gmail.com wrote: Den 09-02-2012 22:02, Christopher Schultz skrev: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casper, On 2/9/12 1:43 PM, Casper Wandahl Schmidt wrote: Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! IIRC, the host-manager won't save the server.xml back to disk, so you'll have to remember to update your server.xml whenever you want to hot-deploy a new domain name, anyway. Well at least I don't have to restart tomcat for the changes to take effect :) Maybe I would take some time to look at how tomcat reads from server.xml and how the host-manager works and perhaps find a way to persist the changes :) Any clues as to where to look for that part of the code? Look for the digester package to see how Tomcat reads from server.xml. p Casper - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NH0ACgkQ9CaO5/Lv0PAOYACeOE6TRto+xkg05iMtKiOUcyvP FSUAnROQ2VOQT+GxkHMV1nYwaIdjOD+d =3Kim -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk and URL rewriting/proxying?
Hi List I have a quick question (I hope). I'm using mod_jk to forward from Apache httpd 2.2.8 to tomcat 7.0.20 (Ubuntu 8.04). I think I saw something on this list some time ago but can't remember what it was really about (the real issue was not want I want to do). So I want users to access my webapp from xxx.yyy.zz and then have apache/mod_jk to change it to xxx.yyy.zz/myapp According to http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html I have to manipulate headers but as far as I remember there was something about ProxyPass and ProxyPassReverse. Are they only available to mod_proxy or mod_ajp? I don't want the app to become ROOT since I have another app that should be running as ROOT. I thought about making seperat host's in server.xml but I dont like the fact that I need to restart tomcat each time I need to add a new host so I thought I might achieve want I want by letting apache httpd take care of that part. Kind regards Casper - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk and URL rewriting/proxying?
From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
On 09.02.2012 19:07, Casper Wandahl Schmidt wrote: Hi List I have a quick question (I hope). I'm using mod_jk to forward from Apache httpd 2.2.8 to tomcat 7.0.20 (Ubuntu 8.04). I think I saw something on this list some time ago but can't remember what it was really about (the real issue was not want I want to do). So I want users to access my webapp from xxx.yyy.zz and then have apache/mod_jk to change it to xxx.yyy.zz/myapp According to http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html I have to manipulate headers but as far as I remember there was something about ProxyPass and ProxyPassReverse. Are they only available to mod_proxy or mod_ajp? Yes, those can currently not be combined with mod_jk. Sorry. I don't want the app to become ROOT since I have another app that should be running as ROOT. I thought about making seperat host's in server.xml but I dont like the fact that I need to restart tomcat each time I need to add a new host so I thought I might achieve want I want by letting apache httpd take care of that part. You might want to look at the host-manager webapp. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk and URL rewriting/proxying?
-Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Thursday, February 09, 2012 12:36 PM To: Tomcat Users List Subject: RE: mod_jk and URL rewriting/proxying? From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. - Chuck Chuck - Does the host-manager persist changes now, or is it still running changes only? That is, does one still have to modify the server.xml if we want new hosts to be there the next time we restart tomcat? Jeff __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk and URL rewriting/proxying?
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: mod_jk and URL rewriting/proxying? does one still have to modify the server.xml if we want new hosts to be there the next time we restart tomcat? A brief scan of the code indicates that you will have to maintain server.xml yourself. All I could see was code that manipulates the active objects; nothing seems to be persisted. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
On 09/02/2012 20:18, Caldarale, Charles R wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: mod_jk and URL rewriting/proxying? does one still have to modify the server.xml if we want new hosts to be there the next time we restart tomcat? A brief scan of the code indicates that you will have to maintain server.xml yourself. All I could see was code that manipulates the active objects; nothing seems to be persisted. Correct. There was some code that tried to do this back in 5.5.x but it was buggy, not maintained and therefore got dropped. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casper, On 2/9/12 1:43 PM, Casper Wandahl Schmidt wrote: Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! IIRC, the host-manager won't save the server.xml back to disk, so you'll have to remember to update your server.xml whenever you want to hot-deploy a new domain name, anyway. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NH0ACgkQ9CaO5/Lv0PAOYACeOE6TRto+xkg05iMtKiOUcyvP FSUAnROQ2VOQT+GxkHMV1nYwaIdjOD+d =3Kim -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
Den 09-02-2012 22:02, Christopher Schultz skrev: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casper, On 2/9/12 1:43 PM, Casper Wandahl Schmidt wrote: Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! IIRC, the host-manager won't save the server.xml back to disk, so you'll have to remember to update your server.xml whenever you want to hot-deploy a new domain name, anyway. Well at least I don't have to restart tomcat for the changes to take effect :) Maybe I would take some time to look at how tomcat reads from server.xml and how the host-manager works and perhaps find a way to persist the changes :) Any clues as to where to look for that part of the code? Casper - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NH0ACgkQ9CaO5/Lv0PAOYACeOE6TRto+xkg05iMtKiOUcyvP FSUAnROQ2VOQT+GxkHMV1nYwaIdjOD+d =3Kim -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Changing url rewriting behaviour (';jsessionid')
Hi, everybody. First of all: I'm sorry for my poor English. Is it possible to change url rewriting schema to use a different path separator (instead of ';') or even to use a request parameter (instead of a path append) ? The problem: - I'm using OpenOffice API to convert (on the fly) some html pages from our webapp; - I need to convert resources from protected paths; - OpenOffice don't support cookies so i must use url rewriting, BUT OpenOffice does not seem to like the appended path ';sessionid'. I cannot use a simple servlet filter because Tomcat is doing authentication/authorization (declarative security). Can i implement a Valve to change request path (from a request parameter to ;jsessionid) before authentication/authorization is performed ? Can this Valve change paths inside redirect headers and html bodies ? Is there any other way (simpler) of doing this communication between OpenOffice and Tomcat works ? The thread in ooffice forum: http://www.oooforum.org/forum/viewtopic.phtml?t=85789 Thanks in advance ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
You can use http://tuckey.org/urlrewrite/ to do your rewriting. Lots of people on the list recommend it. On Jun 29, 2009, at 3:16 PM, Daniel Henrique Alves Lima wrote: Hi, everybody. First of all: I'm sorry for my poor English. Is it possible to change url rewriting schema to use a different path separator (instead of ';') or even to use a request parameter (instead of a path append) ? The problem: - I'm using OpenOffice API to convert (on the fly) some html pages from our webapp; - I need to convert resources from protected paths; - OpenOffice don't support cookies so i must use url rewriting, BUT OpenOffice does not seem to like the appended path ';sessionid'. I cannot use a simple servlet filter because Tomcat is doing authentication/authorization (declarative security). Can i implement a Valve to change request path (from a request parameter to ;jsessionid) before authentication/authorization is performed ? Can this Valve change paths inside redirect headers and html bodies ? Is there any other way (simpler) of doing this communication between OpenOffice and Tomcat works ? The thread in ooffice forum: http://www.oooforum.org/forum/viewtopic.phtml?t=85789 Thanks in advance ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 6/29/2009 3:16 PM, Daniel Henrique Alves Lima wrote: Hi, everybody. First of all: I'm sorry for my poor English. Your English is quite good! Is it possible to change url rewriting schema to use a different path separator (instead of ';') or even to use a request parameter (instead of a path append) ? Are you trying to change the URLs that are emitted in the HTML your application generates? The problem: - I'm using OpenOffice API to convert (on the fly) some html pages from our webapp; - I need to convert resources from protected paths; - OpenOffice don't support cookies so i must use url rewriting, BUT OpenOffice does not seem to like the appended path ';sessionid'. So, you have written a simple client to: 1. Download a page 2. Convert that page 3. Follow links and go back to step #1 ?? If yes, then you will have to capture the session id somehow, so you can send it back to the server when you request additional pages. Without cookies or the ;jsessionid parameter, how will you know what the session id is? I cannot use a simple servlet filter because Tomcat is doing authentication/authorization (declarative security). If you are just trying to remove the ;jsessionid=... from the URL, then the use of authentication is not relevant /after/ the login page is shown. Can i implement a Valve to change request path (from a request parameter to ;jsessionid) before authentication/authorization is performed ? I don't think you want to change the /incoming/ request, do you? Can this Valve change paths inside redirect headers and html bodies ? Is there any other way (simpler) of doing this communication between OpenOffice and Tomcat works ? Okay, so it sounds like you want to either remove or change the way that the session id is encoded in URLs. This can be done by overriding the response's encodeURL and encodeRedirectURL methods using a filter: public class JSessionIdParameterMungingFilter implements javas.servlet.Filter { public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain) { if(shouldWrap(req) rsp instanceof HttpServletResponse ((HttpServletRequest)req).isRequestedSessionIdFromCookie()) rsp = new ResponseWrapper((HttpServletRequest)req, (HttpServletResponse)rsp); chain.doFilter(req, rsp); } public boolean shouldWrap(ServletRequest req) { // Here is where you decide if you want to turn on this // jsessionid munging. I have chosen to use a URL parameter // munge_jsessionid as a trigger return true.equalsIgnoreCase(request.getParameter(munge_jsessionid)); } static class ResponseWrapper extends javax.servlet.http.HttpServletResponseWrapper { private HttpServletRequest _request; public ResponseWrapper(HttpServletRequest req, HttpServletResponse rsp) { super(rsp); _request = req; } public String encodeURL(String url) { if(url.contains(?)) url += jsessionid= + _request.getSessionId(); else url += ?jsessionid= + _request.getSessionId(); return url; } } } I haven't even checked to see if this filter compiles, but the concept is pretty clear: you change the way the jsessionid parameter is encoded from using a ; to using ? or . The thread in ooffice forum: http://www.oooforum.org/forum/viewtopic.phtml?t=85789 The user Villeroy on this thread is correct when he announces his own ignorance: ';' is a perfectly acceptable parameter delimiter for a URL. This is a bug in the URL-handling library for OOo. Can you use HttpURLConnection directly? I do not believe it has this limitation. Can you post the code you have written using the OOo API? Is there any particular reason you are using OOo instead of plain-old Java? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpJIM0ACgkQ9CaO5/Lv0PC+VACfXTVWWcuI+YQghiW2KAbGLxFS awkAnA9UKdzMWxRLh4kDbIAxyvQvwLgX =/oIx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Mon, 2009-06-29 at 16:15 -0400, Christopher Schultz wrote: Hi, Chris ! Are you trying to change the URLs that are emitted in the HTML your application generates? Yes and no. Declarative security will only work if tomcat recognizes jsession id (either coming encoded in requested URL or set in JSESSIONID cookie). Without cookie support, authentication mechanism will be called for every request (one for the html/jsp page and many others for the referenced resources like images, js scripts and etc). If i only change URLs generated by our webapp (for instance from '/index.jsp;jsessionid=ABC' to '/index.jspjsessionid='ABC'), i THINK that ooffice will successfully send requests to Tomcat, but the container will can't infer jsession id and it will redirect to login page. So, you have written a simple client to: 1. Download a page 2. Convert that page 3. Follow links and go back to step #1 OOffice do the work. I just need to call load document :-) ?? If yes, then you will have to capture the session id somehow, so you can send it back to the server when you request additional pages. Without cookies or the ;jsessionid parameter, how will you know what the session id is? It's a feature to convert html reports to pdf: 1. Authenticated user fill a form and click a button; 2. On the server side, we - Capture session id using HttpSession.getId(); - Execute load document (ooffice) using url with encoded jsessionid (for instance, http://localhost:8080/path/generate_report;jsessionid=ABC?a=12b=1 ) - Execute export document to pdf (ooffice); - Close document (oofice); - Change the response content type to pdf and copy bytes from local file to response file. There are some cache mechanisms of course ;-). If you are just trying to remove the ;jsessionid=... from the URL, then the use of authentication is not relevant /after/ the login page is shown. I cannot expect the login page or ooffice will render the login page instead of the report page. I don't think you want to change the /incoming/ request, do you? Yes, i want :-) Take a look at this access log from tomcat: [29/Jun/2009:17:49:02 -0300] /path/index.jsp 200 2E9DE25E06EFEF475619B60647249809 GET /path/index.jsp HTTP/1.0 [29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 200 - OPTIONS /path/index.jsp%3Bjsessionid=ABC HTTP/1.1 [29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 404 - GET /path/index.jsp%3Bjsessionid=ABC HTTP/1.1 The first line is a successfully wget. The other two lines are unsuccessfully ooffice. It seems that ooffice is escaping the requested path :-( I was thinking in a Valve to receive a 'jsessionid=' and change to ';jsessionid=' before the processing of authentication/authorization mechanism. But i don't know if this is possible. I'll have to fix redirect response headers or... Okay, so it sounds like you want to either remove or change the way that the session id is encoded in URLs. This can be done by overriding the response's encodeURL and encodeRedirectURL methods using a filter: This is another part of the job: Generated URLs will use 'jsession' sintax instead of ';jsession' so they can make ooffice happy ;-) The user Villeroy on this thread is correct when he announces his own ignorance: ';' is a perfectly acceptable parameter delimiter for a URL. This is a bug in the URL-handling library for OOo. Can you use HttpURLConnection directly? I do not believe it has this limitation. I need ooffice to convert the reports. Thanks in advance ! -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
I've some few alternatives: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. I was just wondering if was easier to modify/specialize tomcat behavior than my previous alternatives. On Mon, 2009-06-29 at 19:24 -0300, Daniel Henrique Alves Lima wrote: Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? Ok then, let me suggest maybe another architecture, a bit different, but where you might not have that problem. I will just propose the general outline. 7) the PDF button on the page, points to the same URL as the one by which the page was retrieved, plus an additional query parameter. For example : http://the original page URL...?p1=v1p2=v2fmt=PDF. (You could even generate that on-the-fly using some javascript) 8) you create a servlet filter around your webapp. This servlet filter, on the way in, picks up the additional parameter. If it is not there, it does nothing and the request is processed as usual, giving a html result page. If the additional parameter is there, the filter sets a flag (for example, request.setAttribute(x)) 9) the request is processed as normally by your webapp, generating the html response 10) on the way out, the filter intercepts the response. If the flag is not set, it does nothing and lets the html response through. If the flag is set, it does something totally different. 11) the filter captures the html output, and writes it to a local temporary file. Then it calls OOo /on this file/, and asks for a PDF version. Then it picks up the PDF version, and returns this as a response, instead of the original. (and deletes the temporary files). This way, OOo never has to deal with a URL, and thus also not with the jsessionid. You may want to have a look at this : http://code.google.com/p/jodconverter/ (I use that one in another context - not Tomcat - and it works fine) You may also have a look at htmldoc, as an alternative to OOo to generate PDF from html. M. I'm thinking of a problem : if your pages contains links to embedded objects (like images etc..). In that case it may be better if your PDF button points to another webapp, passing the original URL as a parameter. This webapp would use wget to retrieve the original page and its embedded content, rewriting the embedded URLs appropriately (it can do that), and then call OOo on the html file. One other issue bothers me a bit in all this : surely, you are not going to load OOo for each request, just to process one response page. So you will have to start OOo in server mode, and talk to it through it's UNO interface. But how does it handle multiple concurrent requests ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: I've some few alternatives: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; Or use a httpd front-end.. 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. This only works if the pages are not specific to the client user who logs in. It would not work if the page is Show my current bonus. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Tue, 2009-06-30 at 00:52 +0200, André Warnier wrote: Hi, Andre ! 11) the filter captures the html output, and writes it to a local temporary file. Then it calls OOo /on this file/, and asks for a PDF version. Then it picks up the PDF version, and returns this as a response, instead of the original. (and deletes the temporary files). I've used this approach once. But at that time, we only need the html source. Now i need the html source and all the referenced resources (images, csss, jss and another servlets/jsps). You may want to have a look at this : http://code.google.com/p/jodconverter/ (I use that one in another context - not Tomcat - and it works fine) I'll look. Thanks. You may also have a look at htmldoc, as an alternative to OOo to generate PDF from html. M. I'm thinking of a problem : if your pages contains links to embedded objects (like images etc..). Yes, that is the problem. In that case it may be better if your PDF button points to another webapp, passing the original URL as a parameter. This webapp would use wget I could use wget directly from a non protected servlet. But i'll prefer a java crawler (is there any port of wget to Java ?) because other developers use Microsoft Windows :-( One other issue bothers me a bit in all this : surely, you are not going to load OOo for each request, just to process one response page. So you will have to start OOo in server mode, and talk to it through it's UNO interface. But how does it handle multiple concurrent requests ? It doesn't. You have two alternatives: 1. Init just once oo server and serialize the access to it (throw a linked list of task or something like that); 2. Init a pool of oo servers (each one in a different port) and run each task in a different server. We already use oo in another part of our application and it works fine. The ideal, i think, is avoid to perform a lot of transformations online and cache generated files as much as possible. Thanks ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Tue, 2009-06-30 at 01:02 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; Or use a httpd front-end.. Yes. But i don't need this request-response magic all the time. I just need this to make oo happy :-) 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. This only works if the pages are not specific to the client user who logs in. It would not work if the page is Show my current bonus. But i'll invoke the crawler specifying ';jsessionid='. With this, it will execute as the source client. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima email_danie...@yahoo.com.br wrote in message news:1246314288.10803.6.ca...@magnaopus.no-ip.biz... Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. The custom valve isn't that complicated (but of course, it ties you to Tomcat, and may need to be updated when you change from major releases). It would probably look something like: public class MySessionValve extends ValveBase { public void invoke(Request request, Response response) throws IOException, ServletException { String sessionID = getSessionId(request); if(sessionID != null) { request.setRequestedSessionId(sessionID); } getNext().invoke(request, response); } private String getSessionId(Request request) { // Logic to extract the sessionID from the request here } } On all supported versions of Tomcat, this will be invoked before authentication (or at least if you don't make major changes to the configuration). If this was my project, I'd probably take the big one-time pain of creating a Tag to decide how to encode links (based on user-agent or otherwise) and change all my pages to use it. Otherwise, a Filter that wraps the response and overrides getWriter is probably easier than trying to wrap the TC internal Response. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
First of all: Thanks (Christopher, Andre, Bill and everybody) ! The complete solution is compound of 3 parts: 1. The Valve to process jsessionid (just a piece of the source code) if (!request.isRequestedSessionIdFromCookie()) { String jsessionid = request.getParameter(jsessionid); if (jsessionid != null request.getRequestedSessionId() == null) { request.setRequestedSessionId(jsessionid); request.setRequestedSessionURL(true); } } Valve nextValve = getNext(); if (nextValve != null) { nextValve.invoke(request, response); } I've configured this Valve in Tomcat specific webapp deployment descriptor (context.xml) 2. The Servlet Filter to overwrite URL encoding (just a piece) HttpServletRequest request = (HttpServletRequest) aRequest; String jsessionid = request.getParameter(jsessionid); String sessionId = request.getRequestedSessionId(); if (request.isRequestedSessionIdFromURL() jsessionid != null jsessionid.equals(sessionId)) { aResponse = new HttpServletResponseWrapper((HttpServletResponse) aResponse) { @Override public String encodeRedirectURL(String url) { return this.encodeURLImpl(super.encodeRedirectURL(url)); } private String encodeURLImpl(String url) { StringBuilder newURL = new StringBuilder(url); final String searchString = ;jsessionid=; int i = newURL.indexOf(searchString); if (i = 0) { int j = newURL.indexOf(?, i); newURL.replace(i, i + 1, ?); if (j = 0) { newURL.replace(j, j + 1, ); } } return newURL.toString(); } 3. Tag libraries to handle url encoding properly This was the easy part. We're using the grandpa of all Java web MVC frameworks: Struts 1.x :-) So i've just used 'html:' tags and the magic is done ! Now OO is happy and i (really) need to sleep. Thanks ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No URL rewriting when cookies are disabled
Yep, that was it exactly... I've been spoiled by frameworks :) I did some experimentation myself, and dug a little in framework code, and indeed, this has been taken care for me in the past, and I assumed it's done by Tomcat (or any servlet container, for that matter), but it isn't. Thanks, Naaman Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, André Warnier wrote: Actually, I was just perusing a page in the Tomcat 6 docs : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html and it actually says, for the cookies attribute : Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting *by the application*. André has the answer right here (though without details). In order to get your application to rewrite URLs, you need to pass every single outgoing URL through the HttpServletResponse.encodeURL method (or HttpServletResponse.encodeRedirectURL if you are using a redirect). I've found that this is detail is often overlooked in web applications. Most JSP tag libraries and things like that do this transparently, so you may not have even been aware that it was a requirement. Good luck reviewing all that code ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmLdjcACgkQ9CaO5/Lv0PD8cQCeKvrnDjZvNJTrXCcXuzOKUeSt +2YAoKYSCgXVEzLMhSFFk309g0OhO8kP =SKW6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/No-URL-rewriting-when-cookies-are-disabled-tp21854081p21896827.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No URL rewriting when cookies are disabled
nlif wrote: Hi all, I am using Tomcat 6.0.18, with Firefox 3.0.6. I have a simple servlet, which calls request.getSession(true), and expects to create a session only on the first request, and resume an existing session on all subsequent requests. As far as I know, according to the servlet-spec, servlet containers (e.g. Tomcat), should automatically fallback to URL rewriting (i.e. adding the jsessionid parameter to the url) when the browser refuses to accept cookies. This works fine with cookies enabled, however, as soon as I disable cookies in my browser, a new session is created for each request, and the jsessionid is not appended to the URL. Shouldn't this work by default? (I know I can modify the application code to handle this, but I assumed this is not necessary.) Actually, I was just perusing a page in the Tomcat 6 docs : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html and it actually says, for the cookies attribute : Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting *by the application*. (emphasis is mine) That sounds to me as, if you want to use URL-rewriting, you have to do it explicitly in the application. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No URL rewriting when cookies are disabled
It's a known bug in Tomcat, if I'm not mistaken: https://issues.apache.org/bugzilla/show_bug.cgi?id=43839 Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: No URL rewriting when cookies are disabled
From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: Re: No URL rewriting when cookies are disabled It's a known bug in Tomcat, if I'm not mistaken: https://issues.apache.org/bugzilla/show_bug.cgi?id=43839 That bug was fixed over a year ago, and the fix is in the version the OP is running. As Andre said, it's up to the code in the webapp to call the appropriate methods to rewrite URLs. If you don't want to change your code, you may be able to use this: http://tuckey.org/ - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No URL rewriting when cookies are disabled
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, André Warnier wrote: Actually, I was just perusing a page in the Tomcat 6 docs : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html and it actually says, for the cookies attribute : Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting *by the application*. André has the answer right here (though without details). In order to get your application to rewrite URLs, you need to pass every single outgoing URL through the HttpServletResponse.encodeURL method (or HttpServletResponse.encodeRedirectURL if you are using a redirect). I've found that this is detail is often overlooked in web applications. Most JSP tag libraries and things like that do this transparently, so you may not have even been aware that it was a requirement. Good luck reviewing all that code ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmLdjcACgkQ9CaO5/Lv0PD8cQCeKvrnDjZvNJTrXCcXuzOKUeSt +2YAoKYSCgXVEzLMhSFFk309g0OhO8kP =SKW6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: No URL rewriting when cookies are disabled
Hi, Pimping the JSP XML syntax and XSL... :) If, by any chance your JSPs are using XML syntax (or well-formed or can be well-formed), you can use XSL to transform all of your links to be encoded for cookie-less users. For example, the following JSP: jsp:root xmlns:jsp=http://java.sun.com/JSP/Page; xmlns:c=http://java.sun.com/jsp/jstl/core version=2.0 jsp:output omit-xml-declaration=yes doctype-root-element=html doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd doctype-public=-//W3C//DTD XHTML 1.0 Transitional//EN/ jsp:directive.page session=false contentType=text/ html;charset=UTF-8 pageEncoding=UTF-8/ html xmlns=http://www.w3.org/1999/xhtml; head titlefoo/title /head body pblah blah a href=foo.jsp?id=${obj.id}amp;foo=bar class=foofoo/a blah./p /body /html /jsp:root can use the following XSL to transform it: ?xml version=1.0 encoding=UTF-8? xsl:stylesheet xmlns:xsl=http://www.w3.org/1999/XSL/Transform; version=2.0 xmlns:x=http://www.w3.org/1999/xhtml; xmlns:c=http://java.sun.com/jsp/jstl/core; exclude-result-prefixes=x xsl:strip-space elements=*/ xsl:output method=xhtml / xsl:template match=@*|node() xsl:copy xsl:apply-templates select=@*|node()/ /xsl:copy /xsl:template xsl:template match=x:a...@href] c:url var=uri value={substring-before(@href, '?')} xsl:if test=contains(@href, '?') xsl:variable name=querystring select=substring- after(@href, '?')/ xsl:variable name=params select=tokenize($querystring, 'amp;')/ xsl:for-each select=$params xsl:variable name=param select=tokenize(., '=')/ c:param name={$param[1]} value={$param[2]} / /xsl:for-each /xsl:if /c:url xsl:copy xsl:copy-of select=@* except @href/ xsl:attribute name=href${uri}/xsl:attribute xsl:apply-templates/ /xsl:copy /xsl:template /xsl:stylesheet to create: ?xml version=1.0 encoding=UTF-8?jsp:root xmlns:jsp=http://java.sun.com/JSP/Page xmlns:c=http://java.sun.com/jsp/jstl/core; version=2.0 jsp:output omit-xml-declaration=yes doctype-root-element=html doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1- transitional.dtd doctype-public=-//W3C//DTD XHTML 1.0 Transitional// EN/jsp:output jsp:directive.page session=false contentType=text/ html;charset=UTF-8 pageEncoding=UTF-8/jsp:directive.page html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=UTF-8 / titlefoo/title /head body pblah blah c:url var=uri value=/foo.jsp c:param name=id value=${obj.id}/c:param c:param name=foo value=bar/c:param /c:urla class=foo href=${uri}foo/a blah. /p /body /html /jsp:root best, -Rob On Feb 5, 2009, at 6:28 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, André Warnier wrote: Actually, I was just perusing a page in the Tomcat 6 docs : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html and it actually says, for the cookies attribute : Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting *by the application*. André has the answer right here (though without details). In order to get your application to rewrite URLs, you need to pass every single outgoing URL through the HttpServletResponse.encodeURL method (or HttpServletResponse.encodeRedirectURL if you are using a redirect). I've found that this is detail is often overlooked in web applications. Most JSP tag libraries and things like that do this transparently, so you may not have even been aware that it was a requirement. Good luck reviewing all that code ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmLdjcACgkQ9CaO5/Lv0PD8cQCeKvrnDjZvNJTrXCcXuzOKUeSt +2YAoKYSCgXVEzLMhSFFk309g0OhO8kP =SKW6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to disable tomcat url rewriting
Hi all, I'm now using tomcat6.0 as my app server. Then how can I disable tomcat's url rewriting forcely? I've tried several ways, eg. put a context.xml in folder META-INF with the following content: ?xml version='1.0' encoding='UTF-8'? Context path='/app' cookies='true' !-- other settings -- /Context But seems it does not work. Any suggestion would be appreciated. Thanks.
RE: How to disable tomcat url rewriting
From: 田标 [mailto:[EMAIL PROTECTED] Subject: How to disable tomcat url rewriting Then how can I disable tomcat's url rewriting forcely? What do you mean by tomcat's url rewriting? Are you referring to appending JSESSIONID to any URLs returned? This thread discusses some alternatives: http://marc.info/?l=tomcat-userm=119341677911292w=2 ?xml version='1.0' encoding='UTF-8'? Context path='/app' cookies='true' !-- other settings -- /Context By the way, the path attribute is not allowed here, so remove that, and cookies are enabled by default, so that's not needed either. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
mod_jk and url rewriting+forwarding
hi, I want to forward http://proxy/gqaf:soi:PAR:TRE:001 (proxy is an apache) to http://backend:8080/gqaf-web/gqaf:soi:PAR:TRE:001 (backend:8080 is a tomcat server) I downloaded mod_jk and modified httpd.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/local/apache224/conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel debug JkMount /*TRE* MyWorker and created workers.properties: workers.java_home=/usr/local/java/jdk1.6.0_03/ ps=/ worker.list=MyWorker worker.MyWorker.port=8080 worker.MyWorker.host=backend worker.MyWorker.type=ajp13 From logs: [Tue Apr 01 21:33:48.890 2008] [27044:1] [debug] ajp_send_request::jk_ajp_common.c (1395): (MyWorker) request body to send 0 - request body to resend 0 [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (1004): (MyWorker) can't receive the response message from tomcat, tomcat (172.21.26.218:8080) has forced a connection close for socket 19 [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_get_reply::jk_ajp_common.c (1766): (MyWorker) Tomcat is down or refused connection. No response has been sent to the client (yet) [Tue Apr 01 21:34:08.897 2008] [27044:1] [info] ajp_service::jk_ajp_common.c (2186): (MyWorker) sending request to tomcat failed (recoverable), (attempt=2) [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_service::jk_ajp_common.c (2204): (MyWorker) Connecting to tomcat failed. Tomcat is probably not started or is listening on the wrong port [Tue Apr 01 21:34:08.897 2008] [27044:1] [debug] ajp_reset_endpoint::jk_ajp_common.c (691): (MyWorker) resetting endpoint with sd = 4294967295 (socket shutdown) [Tue Apr 01 21:34:08.897 2008] [27044:1] [debug] ajp_done::jk_ajp_common.c (2522): recycling connection pool slot=0 for worker MyWorker [Tue Apr 01 21:34:08.897 2008] [27044:1] [info] jk_handler::mod_jk.c (2364): Service error=0 for worker=MyWorker I checked tomcat and it is up. Any idea? thanks __ Sent from Yahoo! Mail. A Smarter Inbox http://uk.docs.yahoo.com/nowyoucan.html - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk and url rewriting+forwarding
mod_jk doesn't use the HTTP protocol. It uses the AJP13 protocol. Unless you've done something unusual with your tomcat, the 8080 connector will be talking HTTP, not AJP. Default AJP port is usually 8009, so try 'worker.MyWorker.port=8009' in your workers.properties file. If you've changed the ajp connector's port config, then use that. --David Melanie Pfefer wrote: hi, I want to forward http://proxy/gqaf:soi:PAR:TRE:001 (proxy is an apache) to http://backend:8080/gqaf-web/gqaf:soi:PAR:TRE:001 (backend:8080 is a tomcat server) I downloaded mod_jk and modified httpd.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/local/apache224/conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel debug JkMount /*TRE* MyWorker and created workers.properties: workers.java_home=/usr/local/java/jdk1.6.0_03/ ps=/ worker.list=MyWorker worker.MyWorker.port=8080 worker.MyWorker.host=backend worker.MyWorker.type=ajp13 From logs: [Tue Apr 01 21:33:48.890 2008] [27044:1] [debug] ajp_send_request::jk_ajp_common.c (1395): (MyWorker) request body to send 0 - request body to resend 0 [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (1004): (MyWorker) can't receive the response message from tomcat, tomcat (172.21.26.218:8080) has forced a connection close for socket 19 [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_get_reply::jk_ajp_common.c (1766): (MyWorker) Tomcat is down or refused connection. No response has been sent to the client (yet) [Tue Apr 01 21:34:08.897 2008] [27044:1] [info] ajp_service::jk_ajp_common.c (2186): (MyWorker) sending request to tomcat failed (recoverable), (attempt=2) [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_service::jk_ajp_common.c (2204): (MyWorker) Connecting to tomcat failed. Tomcat is probably not started or is listening on the wrong port [Tue Apr 01 21:34:08.897 2008] [27044:1] [debug] ajp_reset_endpoint::jk_ajp_common.c (691): (MyWorker) resetting endpoint with sd = 4294967295 (socket shutdown) [Tue Apr 01 21:34:08.897 2008] [27044:1] [debug] ajp_done::jk_ajp_common.c (2522): recycling connection pool slot=0 for worker MyWorker [Tue Apr 01 21:34:08.897 2008] [27044:1] [info] jk_handler::mod_jk.c (2364): Service error=0 for worker=MyWorker I checked tomcat and it is up. Any idea? thanks __ Sent from Yahoo! Mail. A Smarter Inbox http://uk.docs.yahoo.com/nowyoucan.html - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk and url rewriting+forwarding
David Smith schrieb: mod_jk doesn't use the HTTP protocol. It uses the AJP13 protocol. Unless you've done something unusual with your tomcat, the 8080 connector will be talking HTTP, not AJP. Default AJP port is usually 8009, so try 'worker.MyWorker.port=8009' in your workers.properties file. If you've changed the ajp connector's port config, then use that. --David And additionally: if you need to change the URL path between the request to Apache httpd and to the backend (in your case it looks like you want to prepend /gqaf-web), add mod_rewrite to your config, define a RewriteRule that changes the URL as required and put the passthrough flag [PT] directly after the RewriteRule. Regards, Rainer Melanie Pfefer wrote: hi, I want to forward http://proxy/gqaf:soi:PAR:TRE:001 (proxy is an apache) to http://backend:8080/gqaf-web/gqaf:soi:PAR:TRE:001 (backend:8080 is a tomcat server) I downloaded mod_jk and modified httpd.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/local/apache224/conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel debug JkMount /*TRE* MyWorker and created workers.properties: workers.java_home=/usr/local/java/jdk1.6.0_03/ ps=/ worker.list=MyWorker worker.MyWorker.port=8080 worker.MyWorker.host=backend worker.MyWorker.type=ajp13 From logs: [Tue Apr 01 21:33:48.890 2008] [27044:1] [debug] ajp_send_request::jk_ajp_common.c (1395): (MyWorker) request body to send 0 - request body to resend 0 [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (1004): (MyWorker) can't receive the response message from tomcat, tomcat (172.21.26.218:8080) has forced a connection close for socket 19 [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_get_reply::jk_ajp_common.c (1766): (MyWorker) Tomcat is down or refused connection. No response has been sent to the client (yet) [Tue Apr 01 21:34:08.897 2008] [27044:1] [info] ajp_service::jk_ajp_common.c (2186): (MyWorker) sending request to tomcat failed (recoverable), (attempt=2) [Tue Apr 01 21:34:08.897 2008] [27044:1] [error] ajp_service::jk_ajp_common.c (2204): (MyWorker) Connecting to tomcat failed. Tomcat is probably not started or is listening on the wrong port [Tue Apr 01 21:34:08.897 2008] [27044:1] [debug] ajp_reset_endpoint::jk_ajp_common.c (691): (MyWorker) resetting endpoint with sd = 4294967295 (socket shutdown) [Tue Apr 01 21:34:08.897 2008] [27044:1] [debug] ajp_done::jk_ajp_common.c (2522): recycling connection pool slot=0 for worker MyWorker [Tue Apr 01 21:34:08.897 2008] [27044:1] [info] jk_handler::mod_jk.c (2364): Service error=0 for worker=MyWorker I checked tomcat and it is up. Any idea? thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
URL rewriting and mod_jk
Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars
Re: URL rewriting and mod_jk
Hi Lars, most liekly you need to set the pass through flag PT for the rewrite rules. See also pass through in http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also: if you are using VirtualHosts, you need to put the JkMount into the VirtualHosts. Let us know, if that works. Regards, Rainer [EMAIL PROTECTED] wrote: Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting and mod_jk
Hi Rainer, and thanks for your reply. The [PT] at the end of the line seems to be the 'trick'. I have another question: If the user enters: http://www.domainname.dk/news/news.jsp?id=5, is there then any way to force the url to change to: http://www.domainname.dk/news/news/5/ ? thanks, Lars Rainer Jung skrev: Hi Lars, most liekly you need to set the pass through flag PT for the rewrite rules. See also pass through in http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also: if you are using VirtualHosts, you need to put the JkMount into the VirtualHosts. Let us know, if that works. Regards, Rainer [EMAIL PROTECTED] wrote: Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: URL rewriting and mod_jk
Hi lars, you can match against QUERY_STRING in RewriteCond and then use the match via %N in the replacement part of the RewriteRule. See QUERY_STRING and %N in the docs page of mod_rewrite. For more special mod_rewrite questions not directly related to mod_jk or Tomcat interoperability, the httpd user list would be a better place. Regards, Rainer Lars Nielsen Lind wrote: Hi Rainer, and thanks for your reply. The [PT] at the end of the line seems to be the 'trick'. I have another question: If the user enters: http://www.domainname.dk/news/news.jsp?id=5, is there then any way to force the url to change to: http://www.domainname.dk/news/news/5/ ? thanks, Lars Rainer Jung skrev: Hi Lars, most liekly you need to set the pass through flag PT for the rewrite rules. See also pass through in http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also: if you are using VirtualHosts, you need to put the JkMount into the VirtualHosts. Let us know, if that works. Regards, Rainer [EMAIL PROTECTED] wrote: Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting issue in tomcat
Use UrlRewriteFilter: http://tuckey.org/urlrewrite/ to express the rules you need. int wrote: I have two sites running on the same server that are sharing classes, jsps, etc. I want them to be accessible via two different domains though, as follows: http://domain.com/ should serve files from /webapps/ROOT http://otherdomain.com/should serve files from /webapps/ROOT/otherdomain [I don't want to create a virtual host, because all the jsps and class files will have to be replicated and the war file expanded to two places]. What I need is a simple Url Rewrite based on host. If the host is otherdomain.com then simply prepend otherdomain to the uri. Is there a relatively simple way to do this in Tomcat, since I'm not able to find any? Thanks! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
URL rewriting issue in tomcat
I have two sites running on the same server that are sharing classes, jsps, etc. I want them to be accessible via two different domains though, as follows: http://domain.com/ should serve files from /webapps/ROOT http://otherdomain.com/should serve files from /webapps/ROOT/otherdomain [I don't want to create a virtual host, because all the jsps and class files will have to be replicated and the war file expanded to two places]. What I need is a simple Url Rewrite based on host. If the host is otherdomain.com then simply prepend otherdomain to the uri. Is there a relatively simple way to do this in Tomcat, since I'm not able to find any? Thanks! -- View this message in context: http://www.nabble.com/URL-rewriting-issue-in-tomcat-tf4863127.html#a13916622 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Tracking(URL rewriting) how to avoid session Id in URL
Hi, I am using JSF on JBOSS. I disabled cookies and use URL rewriting for session tracking. All h:outputLink URLs have session id that are added automatically. I like to the link to open in a new session. How to prevent session id on the URL? Thanks, dave - The fish are biting. Get more visitors on your site using Yahoo! Search Marketing.
Re: URL rewriting For Session Tracking
Or if you use the JSP standard tag lib (JSTL) you can do: c:url value= second.jspsecond page/c:url -- Len On 1/4/07, Bill Barker [EMAIL PROTECTED] wrote: Usually you would use a tag lib for this sort of thing. With struts, it would look something like: html:a href=second.jspsecond page /html:a [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Your reply answered another question that I had. But I think I still haven't described my current question clearly. suppose I have 3 JSP pages in my application. -- first.jsp second.jsp third.jsp -- Now, in my first.jsp, I have nothing but 2 links to the other two JSP pages. If I want the session to be maintain when use clicks on the links to go to the other pages, then can first.jsp be the following: -- a href=second.jspsecond page/a a href=third.jspthird page/a -- Or, the code in first.jsp must be the following: -- a href='%=response.encodeURL(second.jsp)%'second page/a a href='%=response.encodeURL(second.jsp)'%second page/a Note: If I use the first syntax, then unless Tomcat or some patch or filter parse the code and add the jsessionid to the link automatically, then the user will be losing the session when to goes from first.jsp to the other ones. And that's my question; can I use the first syntax. Or there is no way but to use the second syntax if I want the session to be kept. Thanks, Kasra - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, January 03, 2007 9:56 PM Subject: RE: URL rewriting For Session Tracking From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Basically I have a webapp and I want to have a session for each user that connects to my server (just the usual servlet session that is created with jsessionid). Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? No. As I recall, Tomcat will not create a session automatically unless it's absolutely necessary (e.g., tracking authenticated users) or the application requests it. I'm not aware of any config parameter that will force creation of sessions for all clients, but all you should have to do is put the following somewhere in the request processing path of each servlet: request.getSession(true); This doesn't need to go into your servlet or JSP code - you can write a simple filter class that does nothing but run the above code to force the creation of a session if one doesn't already exist. The filter mapping can go into conf/web.xml so it will apply to all apps deployed within your Tomcat instance, or in each appropriate webapp's web.xml file. Note that per the servlet spec, Tomcat will use cookies not URL rewriting for session tracking; it will fall back to URL rewriting if the client refuses cookies. You can also disable use of cookies by setting cookies=false in your Context elements (or the global conf/context.xml file). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? No. As I recall, Tomcat will not create a session automatically unless it's absolutely necessary (e.g., tracking authenticated users) or the application requests it. I think you are misinterpreting the OP's question... I think he wants to /force/ the use of URL rewriting to include the jsessionid. In that case, he /must/ run all his links through HttpServletResponse.encodeURL. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFnQLt9CaO5/Lv0PARAvMmAJ97y7GDRY3fY9XsAH9GCKL9lGz86QCfS1CA k7lL+g3W3pq7tQGGlCzEYIk= =Tiss -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
[EMAIL PROTECTED] wrote: All I want to do is 'URL rewriting For Session Tracking'. Do I have to do this manually in my code (using response.encodeURL), or is there an automatic way of doing this in Tomcat (such as using a filter or value) that would handle this for me? Add cookies=false to context.xml of your application and use JSTL c:url, Struts html:link, etc depending on your application design. http://tomcat.apache.org/tomcat-5.5-doc/config/context.html -- Mikolaj Rydzewski [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
RE: URL rewriting For Session Tracking
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking I think you are misinterpreting the OP's question... I think he wants to /force/ the use of URL rewriting to include the jsessionid. In that case, he /must/ run all his links through HttpServletResponse.encodeURL. So setting cookies=false in the Context element isn't sufficient? (Assuming a session has been created via request.getSession(true), of course.) I haven't tried it, but that's the implication I got from reading the doc. What does cookies=false actually do, then? To step back a little: why would it be important to use URL encoding to track sessions rather than do it with cookies? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: So setting cookies=false in the Context element isn't sufficient? That just tells Tomcat not to use cookies to send session identification to the browser. Yes, the alternative to cookies is the use of URL rewriting to put the jsessionid into the URL, but that actually has to be done somewhere. To step back a little: why would it be important to use URL encoding to track sessions rather than do it with cookies? Maybe they have a no cookies requirement or something like that. I personally write all my apps so that the widest audience can use them. Cookies are not requires in any of the apps I have written in the last few years. In order to achieve that, one must encode every URL that gets put into a web page. Some JSP taglibs provide this capability so you don't have to worry about it. But, that means that every URL you emit must go through one of those tags. I mostly use Velocity (not JSP) and there are niceties in the Velocity-Tools package (that work with Struts, which is a bonus) that do the same thing. It all comes down to the same thing: you must run your URLs through HttpServletResponse.encodeURL if you want to use URL rewriting at all. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFnRnI9CaO5/Lv0PARAtfpAJ4qW0hrjvzbXhRGg3CrF3tsMUmuLQCbBz05 5bu0ZELNsuHss9CoJQDnaJ8= =2D9m -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
En l'instant précis du 01/04/07 16:04, Caldarale, Charles R s'exprimait dans toute sa noblesse: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking I think you are misinterpreting the OP's question... I think he wants to /force/ the use of URL rewriting to include the jsessionid. In that case, he /must/ run all his links through HttpServletResponse.encodeURL. So setting cookies=false in the Context element isn't sufficient? no, setting cookies=false just disable session tracking using cookies. Proper link to your webapplication should travel inside encodeUrl() at some point before rendering it to outputstream. Most tag that output urls are doing it internally (struts:link/, c:url/ amongst other are doing it) (Assuming a session has been created via request.getSession(true), of course.) I haven't tried it, but that's the implication I got from reading the doc. Strange, reading the doc i see this Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. . That is clear, if you set to false, you must use url rewriting in your application to track session identifier. Setting cookies to false won't magically parse all your pages to add session identifier. (See J2EE specifications for details) What does cookies=false actually do, then? It disables use of cookies for session tracking To step back a little: why would it be important to use URL encoding to track sessions rather than do it with cookies? Because 1) not everyone has cookies enabled in their browser 2) in some cases it can be useful to have 2 sessions in same browser (something you can't do with cookies) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
David Delbecq wrote: 2) in some cases it can be useful to have 2 sessions in same browser (something you can't do with cookies) Hello David, I've never thought about that; it looks interesting. Do you have a real use case for that? Thank you in advance. _F_M - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL rewriting For Session Tracking
From: fausto mancini [mailto:[EMAIL PROTECTED] 2) in some cases it can be useful to have 2 sessions in same browser (something you can't do with cookies) Hello David, I've never thought about that; it looks interesting. Do you have a real use case for that? Here's one: Principle of least privilege. I regularly have a normal (user) session on a Web application open. Sometimes I want to perform administrative actions on that same webapp, and at that point it's useful to be able to create a short-lived second admin session without closing my user session. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL rewriting For Session Tracking
From: David Delbecq [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Many thanks to Chris and David for the enlightenment. Another question: How would one handle links embedded in static content? Is it simply a matter of don't do that? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
Caldarale, Charles R wrote: To step back a little: why would it be important to use URL encoding to track sessions rather than do it with cookies? Some log analyzers use such information to generate user profiles, etc. -- Mikolaj Rydzewski [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: URL rewriting For Session Tracking
En l'instant précis du 01/04/07 16:32, fausto mancini s'exprimait dans toute sa noblesse: David Delbecq wrote: 2) in some cases it can be useful to have 2 sessions in same browser (something you can't do with cookies) Hello David, I've never thought about that; it looks interesting. Do you have a real use case for that? Thank you in advance. _F_M - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Several 1) you need to debug a concurrency problem with 2 users in your webapp. It's easier to reproduce it if you can log in as 2 different users at the same time (just disable cookies on browser and done) 2) A site admin want to have on the site the 'look of the site as anonymous' without having to logout/log in 3) You want to check how webapp behave when one user has 2 sessions (active on 2 different terminals for example) Of course, first is anyway incompatible with http based authentification, can only work on form based authentification (because browser caches the user/pass) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: David Delbecq [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Many thanks to Chris and David for the enlightenment. Another question: How would one handle links embedded in static content? Is it simply a matter of don't do that? Yeah, it's basically a don't do that kind of situation. If cookies aren't being used for whatever reason, static content will certainly trip you up. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFnSLf9CaO5/Lv0PARAo9FAKC4S46+6J6YKCLVBkDYnlpF9E+ovQCdE6bN WHOKs9dEHz8SYOgBe21I6aE= =C972 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL rewriting For Session Tracking
From: David Delbecq [mailto:[EMAIL PROTECTED] Of course, first is anyway incompatible with http based authentification, can only work on form based authentification (because browser caches the user/pass) Not true - if the app uses in-memory session cookies (true for ASP, ASP.Net and JSP) you just need two browser processes. I regularly start two instances of Internet Exploder... sorry, Explorer... to allow me to have multiple sessions to the same application. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
En l'instant précis du 01/04/07 16:37, Caldarale, Charles R s'exprimait dans toute sa noblesse: From: David Delbecq [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Many thanks to Chris and David for the enlightenment. Another question: How would one handle links embedded in static content? Is it simply a matter of don't do that? Yes and no :) Don't do that if you intend to use default static resource serving (the servlet you don't see and that tomcat maps to your static ressources) But there are ways around it 1) as suggested earlier in this thread, create a filter that will try to locate your links and rewrite them (quite tricky) 2) creates a servlet that maps to *.xhtml and does the parsing (less tricky as none of the urls inside static ressources are already encoded) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
Hi Bill, In my case, I can't use taglibs since I am generating the code dynamically. But even if I could use taglibs, then part of what the taglib does is really using response.encodeURL(second.jsp) to do the URL rewriting without you having to worry about it. So, I think the ultimate answer is that yes, I need to do URL rewriting for each individual link in my server manually if I want user connections to have a session associated with them; any link that I don't do this for, and the user clicks on will cause the session to be lost. And as a result, there is no magic switch that Tomcat or any filter has that I can turn on to have this automatically done. This is really what I want to know, that there is no magic switch that I am missing on. The problem is that I have thousands of links in my pages, and now I have to go in and change each one of them so that they do URL rewriting in case the user's doesn't allow cookies. Am I correct in assuming that there is no magic switch in Tomcat or anywhere to have url rewriting done for me? By the way, I know that I can write a servlet filter that would parse the response being sent to the user and do URL rewriting for any link in the response, but I think that is considered a bad practice since then every link will have the jsessionid with it. Suppose I am linking to www.yahoo.com which is outside my application, then the jsessionid will be associated with that link as well which someone had mentioned it is not a safe practice. Thanks, Kasra - Original Message - From: Bill Barker [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Wednesday, January 03, 2007 11:51 PM Subject: Re: URL rewriting For Session Tracking Usually you would use a tag lib for this sort of thing. With struts, it would look something like: html:a href=second.jspsecond page /html:a [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Your reply answered another question that I had. But I think I still haven't described my current question clearly. suppose I have 3 JSP pages in my application. -- first.jsp second.jsp third.jsp -- Now, in my first.jsp, I have nothing but 2 links to the other two JSP pages. If I want the session to be maintain when use clicks on the links to go to the other pages, then can first.jsp be the following: -- a href=second.jspsecond page/a a href=third.jspthird page/a -- Or, the code in first.jsp must be the following: -- a href='%=response.encodeURL(second.jsp)%'second page/a a href='%=response.encodeURL(second.jsp)'%second page/a Note: If I use the first syntax, then unless Tomcat or some patch or filter parse the code and add the jsessionid to the link automatically, then the user will be losing the session when to goes from first.jsp to the other ones. And that's my question; can I use the first syntax. Or there is no way but to use the second syntax if I want the session to be kept. Thanks, Kasra - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, January 03, 2007 9:56 PM Subject: RE: URL rewriting For Session Tracking From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Basically I have a webapp and I want to have a session for each user that connects to my server (just the usual servlet session that is created with jsessionid). Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? No. As I recall, Tomcat will not create a session automatically unless it's absolutely necessary (e.g., tracking authenticated users) or the application requests it. I'm not aware of any config parameter that will force creation of sessions for all clients, but all you should have to do is put the following somewhere in the request processing path of each servlet: request.getSession(true); This doesn't need to go into your servlet or JSP code - you can write a simple filter class that does nothing but run the above code to force the creation of a session if one doesn't already exist. The filter mapping can go into conf/web.xml so it will apply to all apps deployed within your Tomcat instance, or in each appropriate webapp's web.xml file. Note that per the servlet spec, Tomcat will use cookies not URL rewriting for session tracking; it will fall back to URL rewriting if the client refuses cookies. You can also disable use of cookies by setting cookies=false in your Context elements (or the global conf/context.xml file). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL
URL rewriting For Session Tracking
Hi Everyone, I tried to find answer to this question on the archive and documentation, but I couldn't find a clear answer which is weird since I expected to find an answer easily. All I want to do is 'URL rewriting For Session Tracking'. Do I have to do this manually in my code (using response.encodeURL), or is there an automatic way of doing this in Tomcat (such as using a filter or value) that would handle this for me? I've been looking at HttpRedirectFilter and UrlRewriteFilter which are open source filters, but they seem to do a lot of rewriting, but not for session tracking. Thanks for Your Help, Kasra
RE: URL rewriting For Session Tracking
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: URL rewriting For Session Tracking All I want to do is 'URL rewriting For Session Tracking'. I have to admit that I don't really understand your question. What do you need to do with sessions that Tomcat doesn't already do automatically via cookies or jsessionid? Check the doc for the cookies attribute of the Context element: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html You also might want to take a look at Section 7 of the servlet spec: http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
Thanks for your reply Chuck. I've been through the whole documentation and it hasn't helped. I'll try to make my question as clear as possible. Basically I have a webapp and I want to have a session for each user that connects to my server (just the usual servlet session that is created with jsessionid). Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? I was expecting that there would be a configuration swich for example in server.xml file of Tomcat that I would switch it on, and the url rewriting that would include the jsessionid would be done for me, so that I don't have to wrap every link in my application with Httpservletresponse.encodeURL(). Basically, I was hoping that I don't have to touch my code and insert Httpservletresponse.encodeURL() for every link that I have. But I think there is no such a thing, or is seen as not a good practice. I hope this makes my question clear. - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, January 03, 2007 8:43 PM Subject: RE: URL rewriting For Session Tracking From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: URL rewriting For Session Tracking All I want to do is 'URL rewriting For Session Tracking'. I have to admit that I don't really understand your question. What do you need to do with sessions that Tomcat doesn't already do automatically via cookies or jsessionid? Check the doc for the cookies attribute of the Context element: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html You also might want to take a look at Section 7 of the servlet spec: http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL rewriting For Session Tracking
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Basically I have a webapp and I want to have a session for each user that connects to my server (just the usual servlet session that is created with jsessionid). Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? No. As I recall, Tomcat will not create a session automatically unless it's absolutely necessary (e.g., tracking authenticated users) or the application requests it. I'm not aware of any config parameter that will force creation of sessions for all clients, but all you should have to do is put the following somewhere in the request processing path of each servlet: request.getSession(true); This doesn't need to go into your servlet or JSP code - you can write a simple filter class that does nothing but run the above code to force the creation of a session if one doesn't already exist. The filter mapping can go into conf/web.xml so it will apply to all apps deployed within your Tomcat instance, or in each appropriate webapp's web.xml file. Note that per the servlet spec, Tomcat will use cookies not URL rewriting for session tracking; it will fall back to URL rewriting if the client refuses cookies. You can also disable use of cookies by setting cookies=false in your Context elements (or the global conf/context.xml file). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
Your reply answered another question that I had. But I think I still haven't described my current question clearly. suppose I have 3 JSP pages in my application. -- first.jsp second.jsp third.jsp -- Now, in my first.jsp, I have nothing but 2 links to the other two JSP pages. If I want the session to be maintain when use clicks on the links to go to the other pages, then can first.jsp be the following: -- a href=second.jspsecond page/a a href=third.jspthird page/a -- Or, the code in first.jsp must be the following: -- a href='%=response.encodeURL(second.jsp)%'second page/a a href='%=response.encodeURL(second.jsp)'%second page/a Note: If I use the first syntax, then unless Tomcat or some patch or filter parse the code and add the jsessionid to the link automatically, then the user will be losing the session when to goes from first.jsp to the other ones. And that's my question; can I use the first syntax. Or there is no way but to use the second syntax if I want the session to be kept. Thanks, Kasra - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, January 03, 2007 9:56 PM Subject: RE: URL rewriting For Session Tracking From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Basically I have a webapp and I want to have a session for each user that connects to my server (just the usual servlet session that is created with jsessionid). Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? No. As I recall, Tomcat will not create a session automatically unless it's absolutely necessary (e.g., tracking authenticated users) or the application requests it. I'm not aware of any config parameter that will force creation of sessions for all clients, but all you should have to do is put the following somewhere in the request processing path of each servlet: request.getSession(true); This doesn't need to go into your servlet or JSP code - you can write a simple filter class that does nothing but run the above code to force the creation of a session if one doesn't already exist. The filter mapping can go into conf/web.xml so it will apply to all apps deployed within your Tomcat instance, or in each appropriate webapp's web.xml file. Note that per the servlet spec, Tomcat will use cookies not URL rewriting for session tracking; it will fall back to URL rewriting if the client refuses cookies. You can also disable use of cookies by setting cookies=false in your Context elements (or the global conf/context.xml file). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting For Session Tracking
Usually you would use a tag lib for this sort of thing. With struts, it would look something like: html:a href=second.jspsecond page /html:a [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Your reply answered another question that I had. But I think I still haven't described my current question clearly. suppose I have 3 JSP pages in my application. -- first.jsp second.jsp third.jsp -- Now, in my first.jsp, I have nothing but 2 links to the other two JSP pages. If I want the session to be maintain when use clicks on the links to go to the other pages, then can first.jsp be the following: -- a href=second.jspsecond page/a a href=third.jspthird page/a -- Or, the code in first.jsp must be the following: -- a href='%=response.encodeURL(second.jsp)%'second page/a a href='%=response.encodeURL(second.jsp)'%second page/a Note: If I use the first syntax, then unless Tomcat or some patch or filter parse the code and add the jsessionid to the link automatically, then the user will be losing the session when to goes from first.jsp to the other ones. And that's my question; can I use the first syntax. Or there is no way but to use the second syntax if I want the session to be kept. Thanks, Kasra - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, January 03, 2007 9:56 PM Subject: RE: URL rewriting For Session Tracking From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: URL rewriting For Session Tracking Basically I have a webapp and I want to have a session for each user that connects to my server (just the usual servlet session that is created with jsessionid). Do I have to wrap every link that I have in my webapp with an Httpservletresponse.encodeURL()? No. As I recall, Tomcat will not create a session automatically unless it's absolutely necessary (e.g., tracking authenticated users) or the application requests it. I'm not aware of any config parameter that will force creation of sessions for all clients, but all you should have to do is put the following somewhere in the request processing path of each servlet: request.getSession(true); This doesn't need to go into your servlet or JSP code - you can write a simple filter class that does nothing but run the above code to force the creation of a session if one doesn't already exist. The filter mapping can go into conf/web.xml so it will apply to all apps deployed within your Tomcat instance, or in each appropriate webapp's web.xml file. Note that per the servlet spec, Tomcat will use cookies not URL rewriting for session tracking; it will fall back to URL rewriting if the client refuses cookies. You can also disable use of cookies by setting cookies=false in your Context elements (or the global conf/context.xml file). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
URL rewriting with mod_rewrite and mod_jk possible?
Hi, I'm using a Tomcat 5.5.20 and an Apache 2.x. Using the mod_jk special request will be passed through the Tomcat. But now I have a problem with two Tomcat instances and the same context (the name is equal) in these instances. Here is my workers.properties: ps=\ worker.list=tomcat1, tomcat2 worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat2.port=9009 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 And here is my jk.conf IfModule mod_jk.c JkWorkersFile /etc/apache2/workers.properties JkLogFile /var/log/apache2/mod_jk.log # Log level to be used by mod_jk JkLogLevel error # The following line mounts all JSP files and the /servlet/ uri to tomcat JkMount /rimNG/* tomcat1 JkMount /rimNGj/* tomcat1 JkMount /rimNGuk/* tomcat1 JkMount /rimNGit/* tomcat2 /IfModule As you can see all rimNGit-URLs will be passed through tomcat2. Now I want to create a new URL (for example rimNGit-tomcat2) that should be passed as rimNGit through tomcat2. At the same time all rimNGit request should be passed through tomcat1. Is that possible? If I'm using mod_rewrite I could change the URL to rimNGit but in that case all requests would be passed through tomcat1 instead of tomcat2, am I right? Regards JasDA ___ Viren-Scan für Ihren PC! Jetzt für jeden. Sofort, online und kostenlos. Gleich testen! http://www.pc-sicherheit.web.de/freescan/?mc=02 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting with mod_rewrite and mod_jk possible?
You can experiment with the following alternative way of defining JkMount: If you want to forward a certain request via mod_jk wo a worker X, you can do that by setting: SetHandler jakarta-servlet SetEnv JK_WORKER_NAME X Now you can vary this by using SetEnvIf instead of SetEnv to make it dependant on runtime info, such as the request URL. Furthermore mod_rewrite can set environment variables depending on parts of matches regular expressions. So something like setting SetHandler jakarta-servlet inside Location /rimNGit/ and inside Location /rimNGit-tomcat2/ and using mod_rewrite to set the environment variable JK_WORKER_NAME to tomcat1 if the URL is /rimNGit/ and to worker2 if it is /rimNGit-tomcat2/ (and of course rewriting the URL itself) should work. Caution: Don't mix mapping via JkMount and via SetHandler/Environment for the same URLs. It might lead to unexpected results :) If you don't like the name of the environment variable JK_WORKER_NAME, you can change it via JkWorkerIndicator MyPrefferedVarName Some of this is explained in http://tomcat.apache.org/connectors-doc/reference/apache.html (look for JkWorkerIndicator) Regards, Rainer [EMAIL PROTECTED] wrote: Hi, I'm using a Tomcat 5.5.20 and an Apache 2.x. Using the mod_jk special request will be passed through the Tomcat. But now I have a problem with two Tomcat instances and the same context (the name is equal) in these instances. Here is my workers.properties: ps=\ worker.list=tomcat1, tomcat2 worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat2.port=9009 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 And here is my jk.conf IfModule mod_jk.c JkWorkersFile /etc/apache2/workers.properties JkLogFile /var/log/apache2/mod_jk.log # Log level to be used by mod_jk JkLogLevel error # The following line mounts all JSP files and the /servlet/ uri to tomcat JkMount /rimNG/* tomcat1 JkMount /rimNGj/* tomcat1 JkMount /rimNGuk/* tomcat1 JkMount /rimNGit/* tomcat2 /IfModule As you can see all rimNGit-URLs will be passed through tomcat2. Now I want to create a new URL (for example rimNGit-tomcat2) that should be passed as rimNGit through tomcat2. At the same time all rimNGit request should be passed through tomcat1. Is that possible? If I'm using mod_rewrite I could change the URL to rimNGit but in that case all requests would be passed through tomcat1 instead of tomcat2, am I right? Regards JasDA ___ Viren-Scan für Ihren PC! Jetzt für jeden. Sofort, online und kostenlos. Gleich testen! http://www.pc-sicherheit.web.de/freescan/?mc=02 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Security constraints URL rewriting
Hi I'd like to re-write some of the URLs of my web app to support wildcard prefixes (ie, /resource-id value/servlet/) and wonder if this is possible when using authentication defined by security constraints (and url-pattern) in the web.xml As I understand it, the HTTP request is authenticated before my URL re-writing filter is invoked (and would fail, as I can't map all possible resource-id value combinations) Is it possible to change the order in which tomcat does authentication, so that my filter gets a chance to re-write the URL first ? Erik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting best practice?
Kristian you can write a servlet filter for this. It will be easier that way. mod_rewrite is one way of doing it , but if you are going to target only your JSP I would recommend to go to the servlet filter way. You could also use valves, but you can do almost the same things with servlet filter. Example of class is: public final class URLRewriteFilter implements Filter { // you have to implement this method public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // you code goes here chain.doFilter(request, response); } } If you need help implementing it, just let me know. With Best Regards Bruno Georges Glencore International AG Tel. +41 41 709 3204 Fax +41 41 709 3000 |-+--- | | Kristian Rink | | | [EMAIL PROTECTED]| | | 428.net| | | | | | 15.12.05 11:37 | | | Please respond | | | to Tomcat Users| | | List | | | | |-+--- --| | | |To: Tomcat Users List users@tomcat.apache.org | |cc: | |Subject: URL rewiting best practise? | | | |Distribute: | |Personal? |---| | || [ ] x | | ||---| | | | --| Hi all; currently I'm into deploying a small jsp/servlet based application which more or less utilizes a dispatcher servlet to provide .jsp-based content. For that, I'm into using URLs like http://foobar:8080/Site?path=home/users to, in example, show the site section home - users. For now, I'd like to do URL rewriting in order to provide users with an URL like http://foobar:8080/home/users or maybe http://foobar:8080/Site/home/users to see the same content. My initial idea was to use apache, mod_jk and mod_rewrite to do right this, but don't feel too good about that idea because sooner or later the site URL will also have to carry around a session ID and in that I am afraid that URL rewriting will get me into trouble. So, my question: What is the best way of doing URL rewriting in such a situation? Does tomcat provide any ways of achieving what I want? TIA and bye, Kris -- Kristian Rink * http://zimmer428.net * jab: [EMAIL PROTECTED] icq: 48874445 * fon: ++49 176 2447 2771 Be yourself the kind of change you want to see in this world. (Gandhi) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] LEGAL DISCLAIMER. The contents of this e-mail and any attachments are strictly confidential and they may not be used or disclosed by someone who is not a named recipient. If you have received this email in error please notify the sender by replying to this email inserting the word misdirected as the message and delete this e-mail from your system. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting best practise?
Kristian I forgot to ask if you want the user to see the new URL or not, is this important in your application? If this is the case then you will have to consider looking into the HTTP response codes. Also, do you always plan to have apache in front? If you use IE, you will have to write an ISAPI Filter to duplicate the mod_rewrite functioanlity [you can buy one too] as it doesn't come with IIS. Hope this helps. Bruno Georges Glencore International AG Tel. +41 41 709 3204 Fax +41 41 709 3000 |-+--- | | Kristian Rink | | | [EMAIL PROTECTED]| | | 428.net| | | | | | 15.12.05 11:37 | | | Please respond | | | to Tomcat Users| | | List | | | | |-+--- --| | | |To: Tomcat Users List users@tomcat.apache.org | |cc: | |Subject: URL rewiting best practise? | | | |Distribute: | |Personal? |---| | || [ ] x | | ||---| | | | --| Hi all; currently I'm into deploying a small jsp/servlet based application which more or less utilizes a dispatcher servlet to provide .jsp-based content. For that, I'm into using URLs like http://foobar:8080/Site?path=home/users to, in example, show the site section home - users. For now, I'd like to do URL rewriting in order to provide users with an URL like http://foobar:8080/home/users or maybe http://foobar:8080/Site/home/users to see the same content. My initial idea was to use apache, mod_jk and mod_rewrite to do right this, but don't feel too good about that idea because sooner or later the site URL will also have to carry around a session ID and in that I am afraid that URL rewriting will get me into trouble. So, my question: What is the best way of doing URL rewriting in such a situation? Does tomcat provide any ways of achieving what I want? TIA and bye, Kris -- Kristian Rink * http://zimmer428.net * jab: [EMAIL PROTECTED] icq: 48874445 * fon: ++49 176 2447 2771 Be yourself the kind of change you want to see in this world. (Gandhi) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] LEGAL DISCLAIMER. The contents of this e-mail and any attachments are strictly confidential and they may not be used or disclosed by someone who is not a named recipient. If you have received this email in error please notify the sender by replying to this email inserting the word misdirected as the message and delete this e-mail from your system. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting best practice?
Yes it will work that way. The servlet filter process the request it gets from apache the same way it will without it. Also with mod_jk or mod_proxy Make sure you don't already have some mod_rewrite rules set in your apache, they will take precedance over the filter [if applicable of course]. Bruno Georges Glencore International AG Tel. +41 41 709 3204 Fax +41 41 709 3000 |-+--- | | Kristian Rink | | | [EMAIL PROTECTED]| | | 428.net| | | | | | 15.12.05 14:41 | | | Please respond | | | to Tomcat Users| | | List | | | | |-+--- --| | | |To: Tomcat Users List users@tomcat.apache.org | |cc: | |Subject: Re: URL rewriting best practise? | | | |Distribute: | |Personal? |---| | || [ ] x | | ||---| | | | --| Hi Bruno; Bruno Georges schrieb: I forgot to ask if you want the user to see the new URL or not, is this important in your application? If this is the case then you will have to No, that's not really important. Just want to expose the site using a more human-readable URL format than one filled up with ='s and 's... ;) Also, do you always plan to have apache in front? If you use IE, you will have to write an ISAPI Filter to duplicate the mod_rewrite functioanlity [you can buy one too] as it doesn't come with IIS. There'll probably be an apache in front because it's already there being reverse-proxy for the web client applications of our document management system, and I'm about to place the tomcat right behind this apache, as well. Should work this way, shouldn't it? Cheers, Kris -- Kristian Rink * http://zimmer428.net * jab: [EMAIL PROTECTED] icq: 48874445 * fon: ++49 176 2447 2771 Be yourself the kind of change you want to see in this world. (Gandhi) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] LEGAL DISCLAIMER. The contents of this e-mail and any attachments are strictly confidential and they may not be used or disclosed by someone who is not a named recipient. If you have received this email in error please notify the sender by replying to this email inserting the word misdirected as the message and delete this e-mail from your system. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting best practice?
Bruno Georges wrote: you can write a servlet filter for this. ... or use an existing one: http://tuckey.org/urlrewrite/ FWIW! -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]