Hi,
Pimping the JSP XML syntax and XSL... :)
If, by any chance your JSPs are using XML syntax (or well-formed or
can be well-formed), you can use XSL to transform all of your links to
be encoded for cookie-less users.
For example, the following JSP:
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"; xmlns:c="http://java.sun.com/jsp/jstl/core
" version="2.0">
<jsp:output
omit-xml-declaration="yes"
doctype-root-element="html"
doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
"
doctype-public="-//W3C//DTD XHTML 1.0 Transitional//EN"/>
<jsp:directive.page session="false" contentType="text/
html;charset=UTF-8" pageEncoding="UTF-8"/>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<title>foo</title>
</head>
<body>
<p>blah blah <a href="foo.jsp?id=${obj.id}&foo=bar"
class="foo">foo</a> blah.</p>
</body>
</html>
</jsp:root>
can use the following XSL to transform it:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
version="2.0"
xmlns:x="http://www.w3.org/1999/xhtml";
xmlns:c="http://java.sun.com/jsp/jstl/core";
exclude-result-prefixes="x">
<xsl:strip-space elements="*"/>
<xsl:output method="xhtml" />
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="x:a...@href]">
<c:url var="uri" value="{substring-before(@href, '?')}">
<xsl:if test="contains(@href, '?')">
<xsl:variable name="querystring" select="substring-
after(@href, '?')"/>
<xsl:variable name="params" select="tokenize($querystring,
'&')"/>
<xsl:for-each select="$params">
<xsl:variable name="param" select="tokenize(., '=')"/>
<c:param name="{$param[1]}" value="{$param[2]}" />
</xsl:for-each>
</xsl:if>
</c:url>
<xsl:copy>
<xsl:copy-of select="@* except @href"/>
<xsl:attribute name="href">${uri}</xsl:attribute>
<xsl:apply-templates/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
to create:
<?xml version="1.0" encoding="UTF-8"?><jsp:root xmlns:jsp="http://java.sun.com/JSP/Page
" xmlns:c="http://java.sun.com/jsp/jstl/core"; version="2.0">
<jsp:output omit-xml-declaration="yes" doctype-root-element="html"
doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-
transitional.dtd" doctype-public="-//W3C//DTD XHTML 1.0 Transitional//
EN"></jsp:output>
<jsp:directive.page session="false" contentType="text/
html;charset=UTF-8" pageEncoding="UTF-8"></jsp:directive.page>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" />
<title>foo</title>
</head>
<body>
<p>blah blah
<c:url var="uri" value="/foo.jsp">
<c:param name="id" value="${obj.id}"></c:param>
<c:param name="foo" value="bar"></c:param>
</c:url><a class="foo" href="${uri}">foo</a> blah.
</p>
</body>
</html>
</jsp:root>
best,
-Rob
On Feb 5, 2009, at 6:28 PM, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
André,
André Warnier wrote:
Actually, I was just perusing a page in the Tomcat 6 docs :
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
and it actually says, for the "cookies" attribute :
Set to true if you want cookies to be used for session identifier
communication if supported by the client (this is the default). Set
to
false if you want to disable the use of cookies for session
identifier
communication, and rely only on URL rewriting *by the application*.
André has the answer right here (though without details).
In order to get your application to rewrite URLs, you need to pass
every
single outgoing URL through the HttpServletResponse.encodeURL method
(or
HttpServletResponse.encodeRedirectURL if you are using a redirect).
I've found that this is detail is often overlooked in web
applications.
Most JSP tag libraries and things like that do this transparently, so
you may not have even been aware that it was a requirement.
Good luck reviewing all that code ;)
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkmLdjcACgkQ9CaO5/Lv0PD8cQCeKvrnDjZvNJTrXCcXuzOKUeSt
+2YAoKYSCgXVEzLMhSFFk309g0OhO8kP
=SKW6
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
