Remove jsessionid in URL Struts 2 - struts2

I have developed a web application with session management in Struts2. Every time a user logs in, jsessionid appears in the URL. How do I stop jsessionid from being appended to the URL? I am using Struts 2.0.11.

You could disable URL rewriting at the container level (and in fact it works for every framework leveraging the HttpServletResponse#encodeURL method). In Servlet 2.5 URL rewriting is optional, and on most servlet containers there should be a way to disable it. For instance, in Tomcat you can set the disableURLRewriting attribute to true. More here. Also check out this question - it seems to be similar.

Related

Orbeon 4.2 forwarding session cookie to custom persistence layer

Orbeon is integrated into another webapp. oxf.http.state is set to none.
When loading a form in form runner, external session cookies are not forwarded to the persistence layer, even though oxf.http.forward-headers and oxf.http.forward-cookies are set to the appropriate values.
When loading a simple form which isn't rendered by form runner the cookies are nicely forwarded with the requests in preprocessing step to the same server.
And after loading a simple form and forwarding the session cookie at least once, all the requests from form runner also contain that cookie till the session expires.
So the question is - is it possible to forward external session cookies to the same server from form runner to custom persistence layer?
Or is the only way to make a dummy request each time to add the cookie to the http client?

As mentioned in a comment, this looks similar to issue #1070, that was marked fixed for 4.3, as the problem wasn't happening with that version. So I recommend you upgrade to 4.3.
If the problem persists with the latest version, I'd recommend you update your question with specific steps we can follow to reproduce this.

Username in url but following context path with '/'?

I am developing an Online Recruitment System in Java EE using Servlets and I want to give each user his own unique URL by adding the username to the context path using '/'.
Simply put, I want to rewrite my URL from /main to /main/username so that when people log in they can see their username in the address bar (just like at Stack Overflow or Facebook).
E.g. currently I am redirecting to "/main?username="+username (works fine) using jQuery Ajax, but I want to redirect to /main/username.
I tried the encodeURL method, but '/' makes it search in a subdirectory. If anybody thinks it should work, please give me the syntax.
I have done the URL mapping in web.xml (e.g. signin.jsp is mapped to the signin URI).

If I understand your question, you want to have a Java EE site like myrecruitingsite.com where you can redirect a user to myrecruitingsite.com/main/<username>. When a request is made to myrecruitingsite.com/main/arg21, or myrecruitingsite.com/main/geoffreywiseman, you'd want the request to go to the same servlet, and you'd like to know which username was requested.
Java servlet mappings don't directly support complex routing patterns in the way that many modern web frameworks do. You can't configure the web.xml to send a request from myrecruitingsite.com/main/<username> to the user profile servlet and myrecruitingsite.com/main/<username>/contact to the contact servlet. You can do wildcard mappings, but all the routing decisions after that you'll have to do outside of the web.xml.
Alternately, you can do URL rewriting (typically with servlet filters) such that the URL requested by the browser is not the final one interpreted by the servlet mapping layer. There are frameworks for this, or you can do it yourself.
Basically, you need to configure the servlet mapping's url pattern with a wildcard, and then query getPathInfo() to find out what the rest of the wildcard was. That alone is pretty simple.
If you're using any one of a wide array of Java web frameworks, there will be facilities for routing and quite possibly a front controller servlet that does what you need already. In that scenario, you'll need to look at the framework's documentation for more information.
On the other hand, if you're doing it yourself using servlets (or even servlets + JSP), you can either just do a wildcard mapping to a single servlet that will grow larger and larger as you add more features to it, or more likely, you'll need to develop your own micro-framework where the servlet acts as a Front Controller servlet and does the routing work and delegates all the subsequent work to plain old Java objects (POJOs).
By way of example, your routing servlet could maintain a mapping between URL patterns (perhaps specified in Java regular expressions) to objects of your own creation that either mimic the servlet interface or another interface of your own creation. That way, you have a servlet that's responsible for the routing decisions bound in the web.xml, and a network of little classes that are responsible for the specifics of a particular request. It's work, but it's not terrifically difficult.
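
The wildcard mapping plus `getPathInfo()` routing described in this answer, as an added example that is not part of the original answer. It assumes web.xml maps the servlet to `/main/*`; the class name, the username pattern, the JSP paths and the `username` session attribute are hypothetical.

```java
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Assumes web.xml maps this servlet to the url-pattern /main/*.
public class MainRouterServlet extends HttpServlet {

    // Allowlist for the username segment (assumed policy: 3-30 safe characters).
    private static final String USER = "([A-Za-z0-9_-]{3,30})";
    private static final Pattern PROFILE = Pattern.compile("/" + USER + "/?");
    private static final Pattern CONTACT = Pattern.compile("/" + USER + "/contact/?");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // For /main/geoffreywiseman getPathInfo() returns "/geoffreywiseman";
        // for a bare /main it returns null.
        String path = req.getPathInfo();
        Matcher m;
        if (path != null && (m = PROFILE.matcher(path)).matches()) {
            forward(req, resp, m.group(1), "/WEB-INF/profile.jsp");   // hypothetical view
        } else if (path != null && (m = CONTACT.matcher(path)).matches()) {
            forward(req, resp, m.group(1), "/WEB-INF/contact.jsp");   // hypothetical view
        } else {
            // Anything outside the allowlisted patterns is not routed at all.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    private void forward(HttpServletRequest req, HttpServletResponse resp,
                         String requestedUser, String view)
            throws ServletException, IOException {
        // The path segment is user-controlled: it says whose page was asked for,
        // not who is asking. Identity comes from the session set at sign-in.
        HttpSession session = req.getSession(false);
        Object signedIn = (session == null) ? null : session.getAttribute("username");
        req.setAttribute("requestedUser", requestedUser);
        req.setAttribute("isOwner", requestedUser.equals(signedIn));
        req.getRequestDispatcher(view).forward(req, resp);
    }
}
```

The views decide what to show from `isOwner`, so changing the name in the address bar never changes which account the request acts as.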

Usually this is achieved using URL rewrites on the server. For IIS that means creating a web.config, or in Apache creating a .htaccess file. You'll need to find the equivalent for your server, and it can then be made to parse the directory structure type /username/ into an HTTP GET variable for your application.

Redirect after Session timeout (Grails, Spring Security Core, Tomcat)

I have an application developed in Grails (v1.3.7) and we used the Spring Security Core (v1.2.6) plugin for authentication. After building the .war file, I deployed the application in a standard Tomcat server (v7.0.22). The application runs fine.
I know that I can configure the Session timeout period in web.xml either before building the application or in the Tomcat server itself. But I want (additionally) to redirect any page to the log-in page automatically whenever the Session is timed out, because if the Session times out and users click on any links or simply refresh the current page, they get a Tomcat error.
Can anyone suggest a way to resolve it easily? Is there any configuration (like expired-session-url) in Tomcat or Spring Security Core that does the job?
I have searched the plugin doc site and the plugin blog site but found nothing. This site suggests that I would need to add a listener in code, and I would hate to do that and would like to use a simple configuration like this. Can anyone offer any guidance?
Thanks in anticipation

HTTP is a stateless protocol, and a session is just a marker stored in client cookies (+ local db), and you can't handle this as an event. 'New client' and 'session expired' are exactly the same; it just means that you can't identify the browser for the current request. For most cases it also means that the user is not authenticated (for raw Spring Security Core, at least).
For your case, you already have a session-expired handler: it's when you're getting this Tomcat error. Just handle this error, and redirect the user to the login page.
Btw, if you have a proper Spring Security configuration, it must redirect all non-authorized users to the login page. And it seems that you have done something wrong with your app architecture if you have an authenticated user but still have some user details in the standard Tomcat session. There are at least two ways: avoid your own user session, or make some kind of session-based Spring Security authentication config.

Restricting access to static content, URLs in Grails web-app

I tried looking up any tips for restricting access to static content/partial URLs on a web server for my Grails web-app, but I am getting confused about using element in web.xml, since right now I am using the Grails default Jetty server (doesn't use web.xml) and the images, css, js etc. are all accessible without any authentication. How do I go about restricting access to:
1) all static content directories - only accessible in a valid user session.
2) all intermediate URL paths not displaying content in the appropriate format/incorrect content.
It should say something like not available/forbidden if the user tries to access the above 2 by hitting URLs.

Implement your own filters (by URI) in grails-app/conf. For more details see section 6.6 Filters in the Grails documentation.

... off the top of my head I'd try the spring-security plugin; it has options for restricting access on a per-URL basis. A good start is here: the screencast

flash scope issues in grails when cookies are disabled

In my application I want to have some dynamic content available to search engine bots which have cookies disabled. But I am stuck because I need to pass a redirect URL via flash scope to redirect to a different action and controller. When I use chain instead of redirect then I am able to get flash scope data, but I have some use cases in which I cannot use chain and have to use redirect; this is also because chain (uri: '/') does not work correctly, as this will redirect to the index action of the current controller and not to the controller that is defined for root '/'. The issue is that flash scope loses everything when cookies are disabled and doing redirect instead of chain. Is this a bug in Grails or a known limitation in Grails?
When cookies are disabled I still see the URL being rewritten with ;jsessionid=some_value, but according to the documentation, by default the URL would not be rewritten with jsessionid. When cookies are enabled the URL is not rewritten, as expected. Is this a bug in Grails or expected behavior? How do I disable URL rewriting in Grails when cookies are disabled?
I also understand that the implication of disabling cookies and URL rewriting is that each request would result in new session object creation.

Not sure if it is the solution you are looking for, but have you tried Marc Palmer's One-Time Data plugin?
