You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mayur <ma...@info-objects.com> on 2000/04/05 21:52:51 UTC
Help required....
Hi All,
I have just joined this forum and am very much excited about contributing
as much as
i can to this forum. I will try my best to be actively invlolved in this
forum.
I am facing a strange problem when using jsdk2.1 on linux with weblogic
server 4.5.1 .
If anyone can send some inputs to this it will be highly appreciated.
The problem is to do with HttpSession, i am loosing the session when i call
a jsp page and then go to the servlet.
The sequence flow is
servlet calls--> jsp page calls via HREF ---> servlet
(putting objects (loosing session here) loosing sesssion here also,
in session ) return false, but cannot get objects from session
cannot get objects from session)
If some one can help me in this it will be great. It is urgent. DO i need to
use differnent servlet/jsp engine.
regards
mayur s shah
-----Original Message-----
From: craigmcc@locus.apache.org [mailto:craigmcc@locus.apache.org]
Sent: Wednesday, April 05, 2000 12:40 PM
To: jakarta-tomcat-cvs@apache.org
Subject: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core
HttpServletResponseFacade.java
craigmcc 00/04/05 12:40:22
Modified: src/share/org/apache/tomcat/core
HttpServletResponseFacade.java
Log:
Correct the implementation of encodeURL() and encodeRedirectURL() so that
they correctly determine when encoding should take place. For the record,
those rules are as follows:
- We are in a valid session
- The session ID was not requested with a cookie
- The URL to be encoded references a URL within the current
web application (that is, we match on the scheme, host, port,
and context path of the absolute URL that corresponds to
the specified URL if it is relative)
In addition, sendRedirectURL() now absolutizes the specified location,
even though this is already done in the default error handling servlet,
so that the spec rule (that it must be absolutized) will be obeyed even
if the web app has defined their own error page for SC_MOVED_TEMPORARILY
(legal but not likely).
Tested with URLs that are absolute, host relative (that is, starting with
a slash), and request-relative (not starting with a slash). Also passes
the current Watchdog test suite.
PR:174
Submitted by: evan@netsco.com
Revision Changes Path
1.7 +201 -36
jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.ja
va
Index: HttpServletResponseFacade.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRespons
eFacade.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- HttpServletResponseFacade.java 2000/03/21 01:27:08 1.6
+++ HttpServletResponseFacade.java 2000/04/05 19:40:20 1.7
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRespons
eFacade.java,v 1.6 2000/03/21 01:27:08 costin Exp $
- * $Revision: 1.6 $
- * $Date: 2000/03/21 01:27:08 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRespons
eFacade.java,v 1.7 2000/04/05 19:40:20 craigmcc Exp $
+ * $Revision: 1.7 $
+ * $Date: 2000/04/05 19:40:20 $
*
* ====================================================================
*
@@ -103,12 +103,15 @@
}
public String encodeRedirectURL(String location) {
- // rewrite for the same host
- // this is really simplistic matching here, any helper functions?
- if (location.indexOf(response.getRequest().getServerName())!=-1){
- location=encodeURL(location);
- }
- return location;
+
+ System.out.println("CRM: encodeRedirectURL(" + location + ") --> " +
+ toAbsolute(location) + " --> " +
+ isEncodeable(toAbsolute(location)));
+ if (isEncodeable(toAbsolute(location)))
+ return (toEncoded(location,
+ response.getRequest().getRequestedSessionId()));
+ else
+ return (location);
}
/**
@@ -119,33 +122,15 @@
}
public String encodeURL(String url) {
- Request request=response.getRequest();
- // if I have a session
- // System.out.println("XXX " +
request.isRequestedSessionIdValid() +" " +
request.isRequestedSessionIdFromCookie() +
- // " " + request.getRequestedSessionId();
-
- if (request.isRequestedSessionIdValid()){
- // if first time or cookie not returned
- // XXX need to add support for SSL or other schemas
- if (!request.isRequestedSessionIdFromCookie()) {
- int qidx=url.indexOf( "?" );
- String path=url;
- String qry=null;
- if( qidx >= 0 ) {
- path=url.substring( 0, qidx );
- qry=url.substring( qidx+1 );
- }
- StringBuffer sb=new StringBuffer(path);
- sb.append(";jsessionid=").append(request.getRequestedSessionId());
- if( qry != null )
- sb.append("?").append( qry);
- // System.out.println("RW " + url + " " + sb.toString());
- return sb.toString();
- }
- }
- return url;
+
+ if (isEncodeable(toAbsolute(url)))
+ return (toEncoded(url,
+ response.getRequest().getRequestedSessionId()));
+ else
+ return (url);
+
}
-
+
/**
* @deprecated
*/
@@ -185,8 +170,13 @@
String msg = sm.getString("hsrf.redirect.iae");
throw new IllegalArgumentException(msg);
}
+ System.out.println("CRM: sendRedirect(" + location + ") --> " +
+ toAbsolute(location));
+ // Even though DefaultErrorServlet will convert this
+ // location to absolute (if required) we should do so
+ // here in case the app has a non-default handler
sendError(HttpServletResponse.SC_MOVED_TEMPORARILY,
- location);
+ toAbsolute(location));
}
public void setContentLength(int len) {
@@ -261,4 +251,179 @@
response.setStatus(sc);
}
+ /**
+ * Return <code>true</code> if the specified URL should be encoded
with
+ * a session identifier. This will be true if all of the following
+ * conditions are met:
+ * <ul>
+ * <li>The request we are responding to asked for a valid session
+ * <li>The requested session ID was not received via a cookie
+ * <li>The specified URL points back to somewhere within the web
+ * application that is responding to this request
+ * </ul>
+ *
+ * @param location Absolute URL to be validated
+ **/
+ private boolean isEncodeable(String location) {
+
+ // Are we in a valid session that is not using cookies?
+ Request request = response.getRequest();
+ if (!request.isRequestedSessionIdValid())
+ return (false);
+ if (request.isRequestedSessionIdFromCookie())
+ return (false);
+
+ // Is this a valid absolute URL?
+ System.out.println("CRM: isEncodeable(" + location + ")");
+ URL url = null;
+ try {
+ url = new URL(location);
+ } catch (MalformedURLException e) {
+ return (false);
+ }
+ System.out.println("CRM: Valid URL --> " + url.toString());
+
+ // Does this URL match down to (and including) the context path?
+ System.out.println("CRM: Compare " + request.getScheme() +
+ " to " + url.getProtocol());
+ if (!request.getScheme().equalsIgnoreCase(url.getProtocol()))
+ return (false);
+ System.out.println("CRM: Compare " + request.getServerName() +
+ " to " + url.getHost());
+ if (!request.getServerName().equalsIgnoreCase(url.getHost()))
+ return (false);
+ System.out.println("CRM: Compare " + request.getServerPort() +
+ " to " + url.getPort());
+ if (request.getServerPort() != url.getPort())
+ return (false);
+ String contextPath = request.getContext().getPath();
+ System.out.println("CRM: Check context path " + contextPath +
+ " against " + url.getFile());
+ if ((contextPath != null) && (contextPath.length() > 0)) {
+ String file = url.getFile();
+ if ((file == null) || !file.startsWith(contextPath))
+ return (false);
+ }
+
+ // This URL belongs to our web application, so it is encodeable
+ System.out.println("CRM: This URL is encodeable");
+ return (true);
+
+/*
+ // Is this an absolute URL?
+ if (url == null)
+ return (false);
+ int colon = url.indexOf("://");
+ if (colon < 0)
+ return (false);
+
+ // Only HTTP: and HTTPS: URLs are encoded
+ String scheme = url.substring(0, colon).toLowerCase();
+ if (!"http".equals(scheme) && !"https".equals(scheme))
+ return (false);
+
+ // Match on the host name and port number
+ String rest = url.substring(colon + 3);
+ colon = rest.indexOf(":");
+ int slash = rest.indexOf("/");
+ if (slash < 0) {
+ slash = rest.length();
+ rest += "/";
+ }
+ if (colon > slash)
+ colon = -1;
+ String host = null;
+ int port = 80;
+ if (colon >= 0) {
+ host = rest.substring(0, colon);
+ String temp = rest.substring(colon + 1, slash - (colon + 1));
+ try {
+ port = Integer.parseInt(temp);
+ } catch (Throwable t) {
+ return (false); // Invalid port number in absolute URL
+ }
+ } else
+ host = rest.substring(0, slash);
+ if (!host.equalsIgnoreCase(request.getServerName()))
+ return (false);
+ if (port != request.getServerPort())
+ return (false);
+
+ // Match on the context path of this web application
+ rest = rest.substring(slash);
+ String contextPath = request.getContext().getPath();
+ if ((contextPath == null) || (contextPath.length() == 0))
+ return (true);
+ if (rest.startsWith(contextPath))
+ return (true);
+ else
+ return (false);
+*/
+
+ }
+
+
+ /**
+ * Convert (if necessary) and return the absolute URL that represents
the
+ * resource referenced by this possibly relative URL. If this URL is
+ * already absolute, return it unchanged.
+ *
+ * @param location URL to be (possibly) converted and then returned
+ */
+ private String toAbsolute(String location) {
+
+ if (location == null)
+ return (location);
+
+ // Construct a new absolute URL if possible (cribbed from
+ // the DefaultErrorPage servlet)
+ URL url = null;
+ try {
+ url = new URL(location);
+ } catch (MalformedURLException e1) {
+ Request request = response.getRequest();
+ String requrl =
+ HttpUtils.getRequestURL(request.getFacade()).toString();
+ try {
+ url = new URL(new URL(requrl), location);
+ } catch (MalformedURLException e2) {
+ return (location); // Give up
+ }
+ }
+ return (url.toString());
+
+ }
+
+
+ /**
+ * Return the specified URL with the specified session identifier
+ * suitably encoded.
+ *
+ * @param url URL to be encoded with the session id
+ * @param sessionId Session id to be included in the encoded URL
+ */
+ private String toEncoded(String url, String sessionId) {
+
+ if ((url == null) || (sessionId == null))
+ return (url);
+
+ String path = null;
+ String query = null;
+ int question = url.indexOf("?");
+ if (question < 0)
+ path = url;
+ else {
+ path = url.substring(0, question);
+ query = url.substring(question);
+ }
+ StringBuffer sb = new StringBuffer(path);
+ sb.append(";jsessionid=");
+ sb.append(sessionId);
+ if (query != null)
+ sb.append(query);
+ return (sb.toString());
+
+ }
+
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: Help required....
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Mayur wrote:
> Hi All,
>
> I have just joined this forum and am very much excited about contributing
> as much as
> i can to this forum. I will try my best to be actively invlolved in this
> forum.
>
That's good.
>
> I am facing a strange problem when using jsdk2.1 on linux with weblogic
> server 4.5.1 .
That's not so good.
This forum (TOMCAT-DEV@JAKARTA.APACHE.ORG) is for discussions among those who are
developing Tomcat itself, not applications running on Tomcat (use mailing list
TOMCAT-USER@JAKARTA.APACHE.ORG for Tomcat-related user questions) or on a different servlet
container (your best bet is the support newsgroups or mailing lists for that server --
Weblogic in this case).
Craig McClanahan