Re: [Zope] keeping Java Servlets session ids based on url rewriti ng
Albert,
I've put this in the collector as a possible bug... hopefully it will
get fixed with the next release if it proves not to be the proper
behavior. In the meantime, you want want to try messing around with
that regex to get the appropriate behavior for your environment.
[EMAIL PROTECTED] wrote:
>
> I've done a little poking around in ZPublisher's HTTPRequest.py and
> BaseRequest.py and I don't think that's where the ';*' gets stripped. I
> can't find *where* it gets stripped. It must be possible to make Zope
> de-ignore things split on a ";", but right now I can't find out where to
> do so.
>
>Um from looking at the code I think it may be Zserver not Zpublisher
>doing it. I think there is code which set up the CGI env vars at
>Zpublisher pick em up and works with them, so it is the code that sets
>those GCI vars that is dropping it. Isn't it tru that if you use
>APACHE, they are set by APACHE and is you use Zserver w/o frontending
>it with APACHE something in Zserver has to be setting them?
>
> I think this is where the stripping occurs:
>
> From default_handler in the medusa directory...
>
> # split a uri
> # ;?#
> path_regex = regex.compile (
> #pathparamsquery fragment
> '\\([^;?#]*\\)\\(;[^?#]*\\)?\\(\\?[^#]*\)?\(#.*\)?'
> )
>
> def split_path (path):
> if path_regex.match (path) != len(path):
> raise ValueError, "bad path"
> else:
> return map (lambda i,r=path_regex: r.group(i), range(1,5))
>
> Which is called by HTTPServer.py:
>
> def get_environment(self, request,
> # These are strictly performance hackery...
> split=string.split,
> strip=string.strip,
> join =string.join,
> upper=string.upper,
> lower=string.lower,
> h2ehas=header2env.has_key,
> h2eget=header2env.get,
> workdir=os.getcwd(),
> ospath=os.path,
> ):
> [path, params, query, fragment] = split_path(request.uri)
> while path and path[0] == '/':
> path = path[1:]
> if '%' in path:
> path = unquote(path)
> if query:
> # ZPublisher doesn't want the leading '?'
> query = query[1:]
>
> server=request.channel.server
> env = {}
> env['REQUEST_METHOD']=upper(request.command)
> env['SERVER_PORT']=str(server.port)
> env['SERVER_NAME']=server.server_name
> env['SERVER_SOFTWARE']=server.SERVER_IDENT
> env['SERVER_PROTOCOL']=request.version
> env['channel.creation_time']=request.channel.creation_time
> if self.uri_base=='/':
> env['SCRIPT_NAME']=''
> env['PATH_INFO']='/' + path
> else:
> env['SCRIPT_NAME'] = self.uri_base
> try:
> path_info=split(path,self.uri_base[1:],1)[1]
> except:
> path_info=''
> env['PATH_INFO']=path_info
> env['PATH_TRANSLATED']=ospath.normpath(ospath.join(
> workdir, env['PATH_INFO']))
> if query:
> env['QUERY_STRING'] = query
> env['GATEWAY_INTERFACE']='CGI/1.1'
> env['REMOTE_ADDR']=request.channel.addr[0]
>
> # If we're using a resolving logger, try to get the
> # remote host from the resolver's cache.
> if hasattr(server.logger, 'resolver'):
> dns_cache=server.logger.resolver.cache
> if dns_cache.has_key(env['REMOTE_ADDR']):
> remote_host=dns_cache[env['REMOTE_ADDR']][2]
> if remote_host is not None:
> env['REMOTE_HOST']=remote_host
>
> env_has=env.has_key
> for header in request.header:
> key,value=split(header,":",1)
> key=lower(key)
> value=strip(value)
> if h2ehas(key) and value:
> env[h2eget(key)]=value
> else:
> key='HTTP_%s' % upper(join(split(key, "-"), "_"))
> if value and not env_has(key):
> env[key]=value
> env.update(self.env_override)
> return env
>
> Also from rfc1738
>
> http://rfc.fh-koeln.de/rfc/html/rfc1738.html
>
> "Reserved:
>
>Many URL schemes reserve certain characters for a special meaning:
>their appearance in the scheme-specific part of the URL has a
>designated semantics. If the character corresponding to an octet is
>reserved in a scheme, the octet must be encoded. The characters ";",
>
>"/", "?", ":", "@", "=" and "&" are the characters which may be
>reserved for special meaning within a scheme. No other characters may
>
>be reserved within a scheme.
>
>Usua
RE: [Zope] keeping Java Servlets session ids based on url rewriti ng
> Um from looking at the code I think it may be Zserver not Zpublisher > doing it. I think there is code which set up the CGI env vars at > Zpublisher pick em up and works with them, so it is the code that sets > those GCI vars that is dropping it. Isn't it tru that if you use > APACHE, they are set by APACHE and is you use Zserver w/o frontending > it with APACHE something in Zserver has to be setting them? That sounds reasonable. I'd imagine it would have something to do with PATH_INFO, PATH_TRANSLATED, or SCRIPT_NAME. Have you looked for calls to the Python cgi module in ZServer? I might start by looking for it trying to assign these environment variables to see what it does. Sorry I can't give you any more specifics. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] keeping Java Servlets session ids based on url rewriti ng
I've done a little poking around in ZPublisher's HTTPRequest.py and BaseRequest.py and I don't think that's where the ';*' gets stripped. I can't find *where* it gets stripped. It must be possible to make Zope de-ignore things split on a ";", but right now I can't find out where to do so. Um from looking at the code I think it may be Zserver not Zpublisher doing it. I think there is code which set up the CGI env vars at Zpublisher pick em up and works with them, so it is the code that sets those GCI vars that is dropping it. Isn't it tru that if you use APACHE, they are set by APACHE and is you use Zserver w/o frontending it with APACHE something in Zserver has to be setting them? Regards, Albert ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] keeping Java Servlets session ids based on url rewriti ng
Thanks for the clarifications... > We use servlets for java to java com between applets and the > server. Inside, the servlets communicates to C++ based servers for > objects and events. Servlet sessions are used to help ensure > validation > for the object and event servers. User database is also stored in the > object repository. Getting the session id for the servlet back into > Zope (I was going to store it in a SQLSession object.) was the reason > for preserving the ; from a response redirect generated by > servlet. All pages with applets would be written with the servlet > session ID as a parameter. We were going to use https for anything > with session ids in them so they can not be sniffed for. OK, I think I understand... you need to keep using the servlets-style URL-rewriting because you serve Java applets that make use of sessionids, and you may want to serve these from Zope. I've done a little poking around in ZPublisher's HTTPRequest.py and BaseRequest.py and I don't think that's where the ';*' gets stripped. I can't find *where* it gets stripped. It must be possible to make Zope de-ignore things split on a ";", but right now I can't find out where to do so. > I had not decided if the user database exchange would be done by using > the client as a relay with user info emedded in > user,md5-password-signature components in the session id response > redirect or some Zope to JServ direct handshaking using > ZPatterns-based Membership. Yet another alternative would be the swig > Python interface directly to the object server and Zpatterns. >From what little I know about Java servlets, I believe it keeps all the session objects in separate files within a directory on servlet's server's filesystem. Are they in an opaque format? Are they named with the sessionid? Maybe you could let Zope peek at these. > > Hope this helps clarifys things.. > > Albert Boulanger > [EMAIL PROTECTED] > > > > - > ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
