> Date: Fri, 14 Mar 2014 08:36:08 -0400
> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Seema,
>
> On 3/14/14, 7:53 AM, Seema Patel wrote:
> > I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
> > for my struts servlet jsp application. I have also removed all
> > JCIFS authentication from the WEB-INF/web.xml file and have tried
> > to do BASIC authentication through Tomcat and the AD (it
> > authenticates me, but not sure if I've missed anything out, as I've
> > never done this before).
>
> One question at a time, please ;)
Sorry for the off-loading of multiple questions :-)
>
> > I have a doFilter function in my code, which contains
> > httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
> > 1.5 version, this will work, as when I print
> > httpServletRequest.getServletPath() i get the following:
> >
> > P1_00.do P5_0_0.do P5_0_1.do
> >
> > But in Tomcat 7.0.52 Java 1.7 I get the following from
> > httpServletRequest.getServletPath() call:
> >
> > P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp
> > includes/P1_00.do
>
> How are you printing this? Do you just have a Filter that wraps
> everything and dumps-out the ServletPath for every request? Can you
> post the code for that Filter as well as the <filter> and
> <filter-mapping> configuration you have in web.xml?
>
I'm just doing a System.out.println() in the doFilter function in the
RequestFilter class to show which page it is. The doFilter function is:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
final HttpServletRequest httpRequest = (HttpServletRequest)request;
final Object userBeanObject =
httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
final String pageName =
httpRequest.getServletPath().replaceAll("/","");
System.out.println("Request Page = " +
httpRequest.getServletPath());
if (unsecuredPages.contains(pageName)) {
// don't need any protection
chain.doFilter(request, response);
} else if (!(userBeanObject instanceof UserBean)) {
// no user bean in session do need one, invalidate session and
redirect to login
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
} else {
final UserBean user = (UserBean) userBeanObject;
Map<String,LogicalOperation> permissions =
(Map<String,LogicalOperation>)context.getAttribute(GenConstants.PERMISSIONS_MAP);
if(permissions == null) {
PermissionsUtil.setupPermissions(context);
permissions =
(Map<String,LogicalOperation>)context.getAttribute(GenConstants.PERMISSIONS_MAP);
}
final LogicalOperation requiredOp =
permissions.get(pageName.replaceAll("\\.do",""));
if (user.isOperationAllowed(requiredOp)) {
chain.doFilter(request, response);
} else {
if (httpRequest.getSession(false) != null) {
httpRequest.getSession().invalidate();
}
((HttpServletResponse)response).sendRedirect(logonPage);
}
}
}
}
To give you a better idea of what was in the web.xml, here is what's been taken
out:
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.smb.client.soTimeout</param-name>
<param-value>30000</param-value>
</init-param>
<!-- always needed for preauthentication / SMB signatures -->
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>XXX.LOCAL</param-value>
</init-param>
<!-- SMB message signing requires a valid existing login -->
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>username</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>password</param-value>
</init-param>
<!-- Set the logging level -->
<init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>2</param-value>
</init-param>
<!-- allow non-IE browsers to use basic auth -->
<init-param>
<param-name>jcifs.http.insecureBasic</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
Here is what is still in the web.xml file (pre-upgrade and now):
<filter>
<filter-name>ADGroupFilter</filter-name>
<filter-class>com.xxx.xxx.ADGroupFilter</filter-class>
<init-param>
<param-name>AllowedGroups</param-name>
<param-value>G-xxx1,G-PORTAL-xxx2,G-PORTAL-xxx3,G-PORTAL-xxx4,G-PORTAL-xxx5,G-PORTAL-xxx6,G-PORTAL-xxx7,G-PORTAL-xxx8,G-PORTAL-xxx9,G-PORTAL-xxx10,G-PORTAL-xxx11,
G-PORTAL-xxx12,G-PORTAL-xxx13,G-PORTAL-xxx14,G-PORTAL-xxx15</param-value>
</init-param>
</filter>
<filter>
<filter-name>Auth Filter</filter-name>
<filter-class>com.xxx.xxx.RequestFilter</filter-class>
<init-param>
<param-name>LogonPage</param-name>
<param-value>P1_00.do</param-value>
</init-param>
<init-param>
<param-name>UnsecuredPages</param-name>
<param-value>P1_00.do,UnauthorisedAccess.jsp</param-value> <!--
separated by commas -->
</init-param>
</filter>
<filter>
<filter-name>NoCacheFilter</filter-name>
<filter-class>com.xxx.xxx.NoCacheFilter</filter-class>
<!-- Added the 3 init paramaters post upgrade -->
<init-param>
<param-name>Cache-Control</param-name>
<param-value>no-cache</param-value>
</init-param>
<init-param>
<param-name>Cache-Control</param-name>
<param-value>no-store</param-value>
</init-param>
<init-param>
<param-name>Pragma</param-name>
<param-value>no-cache</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NoCacheFilter</filter-name>
<url-pattern>/includes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>NoCacheFilter</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ADGroupFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ADGroupFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Auth Filter</filter-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
This is the code I have added to replace the JCIFS code (which I'm not sure if
I've done correctly):
<security-constraint>
<display-name>your web app display name</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- <role-name>source</role-name> -->
<role-name>G-xxx1</role-name>
<role-name>G-PORTAL-xxx2</role-name>
<role-name>G-PORTAL-xxx3</role-name>
<role-name>G-PORTAL-xxx4</role-name>
<role-name>G-PORTAL-xxx5</role-name>
<role-name>G-PORTAL-xxx6</role-name>
<role-name>G-PORTAL-xxx7</role-name>
<role-name>G-PORTAL-xxx8</role-name>
<role-name>G-PORTAL-xxx9</role-name>
<role-name>G-PORTAL-xxx10</role-name>
<role-name>G-PORTAL-xxx11</role-name>
<role-name>G-PORTAL-xxx12</role-name>
<role-name>G-PORTAL-xxx13</role-name>
<role-name>G-PORTAL-xxx14</role-name>
<role-name>G-PORTAL-xxx15</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>org.apache.catalina.realm.JNDIRealm</realm-name>
<!-- <realm-name>Axis Basic Authentication Area</realm-name> -->
</login-config>
<security-role>
<role-name>G-xxx1</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx2</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx3</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx4</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx5</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx6</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx7</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx8</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx9</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx10</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx11</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx12</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx13</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx14</role-name>
</security-role>
<security-role>
<role-name>G-PORTAL-xxx15</role-name>
</security-role>
Then there's some other stuff in here, such as <servlet>, <servlet-mapping>,
<session-config>, <mime-mapping>, <welcome-file-list>, <context-param>,
<listener>, <resource-ref>, <error-page>
> > This is for the same page I'm calling. I would like to know if
> > something has changed in the way Tomcat 7.0.52 handles this call
> > from the way it used to in 5.5.29.
> >
> > I'm trying to eliminate either Tomcat or Java from this issue, as
> > nothing else has been changed besides the upgrade of these two
> > (except for WEB-INF/web.xml, which may also be the cause, if so,
> > is this something that this group could help me with?).
>
> The servlet spec has changed slightly in the intervening versions. It
> may depend upon your configuration that I requested above.
>
> Are you having a specific problem, or are you just wondering why you
> are seeing more output?
>
Yes it is a specific problem, the page doesn't load all the data and
information. Basically the page should be a load of tabs (created by Yahoo
User Interface 2.6.0 - I know this is out of date, but the new version is
considerably different and will take a long time for me to learn and re-do),
then some of the tabs will have sub tabs (hence the
includes/tab_defaultsettings.jsp as one of the additional calls). So on the
upgraded version the data on the tabs don't load, it sort of pushes the data up
(not sure if you can see the screenshot here):
whereas the pre-upgrade loads the data and sub-tabs:
I hope this helps and I've not overloaded again :-)
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTIve2AAoJEBzwKT+lPKRYGO8QAJBevD64cmJWvC6D9qjCXnwm
> qlhfOIySRsmBIz6PPXyH1k2+H3YkRJEsTAiqdsGZ+WASc8tDQvPFrC3wyZB6p3ft
> n2lNYYEMhBid39ahrFv+RlgKOsTd3enHiLeiVdD1wuub/P4fj3yEkR0+aM+CoSrl
> n06SgLAU4CN9qrYi+nTx4tvlzCElEjbWVkw/PJgKJGB9x4uM5eueZXdri8ymDiLI
> a/eaZA5PW4jow+xXLgoBsPSVsrggjUjPdsvz7byMF324Syin73xrjm4WNkWchLD0
> e8R8u6Ozew/e3uTTiyGh9WHTacNPAKb0er8jAIwYXTddqxYbnnbnFGAyc5jmLtmp
> QAgn2xW1SRYJiQu7cuBOCO5uJY6uOkSYpj2NKYNMuCKi8MMaKp9XYY/D/CLNjvFP
> YQhHySdwaPsjEprmU/IfMt+3uzRn6TFKsDBJA7LA8Jotv64kobohjkoTk6A6ihPJ
> mGBOPQtdUw4kYSbq0ETSqcUnW2vM5V3VaaouL5+jmKIwjtbyN48rh8OKO6qz2gaR
> mpLy3Zgu4KGCAEsIEuTjs0D6fHDpmSzsm03Ai1glHXrIZG6mRSU7J2z3XtlACsWO
> bcRzOBCLOfxCBUYUD6PKqcOW0D0sfWfoQqTxqqTbb1mJkH/9I7zRZjTH/Gl+jxQ4
> fh3XbIAaQ5WNR3BQHWOW
> =cBU1
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
