Hi,

Pimping the JSP XML syntax and XSL... :)

If, by any chance, your JSPs are using XML syntax (or well-formed or can be well-formed), you can use XSL to transform all of your links to be encoded for cookie-less users.

For example, the following JSP:

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
  <jsp:output
    omit-xml-declaration="yes"
    doctype-root-element="html"
    doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
    doctype-public="-//W3C//DTD XHTML 1.0 Transitional//EN"/>
  <jsp:directive.page session="false" contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
  <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <title>foo</title>
    </head>
    <body>
      <p>blah blah <a href="foo.jsp?id=${obj.id}&amp;foo=bar" class="foo">foo</a> blah.</p>
    </body>
  </html>
</jsp:root>

can use the following XSL to transform it:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  version="2.0"
  xmlns:x="http://www.w3.org/1999/xhtml"
  xmlns:c="http://java.sun.com/jsp/jstl/core"
  exclude-result-prefixes="x">

  <xsl:strip-space elements="*"/>
  <xsl:output method="xhtml" />

  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

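  <!-- Anchors with an href: emit a <c:url> holding the path plus one <c:param> per query parameter -->
  <xsl:template match="x:a[@href]">
    <!-- Use the whole href as the path when there is no query string -->
    <c:url var="uri" value="{if (contains(@href, '?')) then substring-before(@href, '?') else @href}">
      <xsl:if test="contains(@href, '?')">
        <xsl:variable name="querystring" select="substring-after(@href, '?')"/>
        <xsl:variable name="params" select="tokenize($querystring, '&amp;')"/>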
        <xsl:for-each select="$params">
          <xsl:variable name="param" select="tokenize(., '=')"/>
          <c:param name="{$param[1]}" value="{$param[2]}" />
        </xsl:for-each>
      </xsl:if>
    </c:url>
    <xsl:copy>
      <xsl:copy-of select="@* except @href"/>
      <xsl:attribute name="href">${uri}</xsl:attribute>
      <xsl:apply-templates/>
    </xsl:copy>
  </xsl:template>

</xsl:stylesheet>

to create:

<?xml version="1.0" encoding="UTF-8"?><jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
  <jsp:output omit-xml-declaration="yes" doctype-root-element="html" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" doctype-public="-//W3C//DTD XHTML 1.0 Transitional//EN"></jsp:output>
  <jsp:directive.page session="false" contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"></jsp:directive.page>
  <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
      <title>foo</title>
    </head>
    <body>
      <p>blah blah
        <c:url var="uri" value="/foo.jsp">
          <c:param name="id" value="${obj.id}"></c:param>
          <c:param name="foo" value="bar"></c:param>
        </c:url><a class="foo" href="${uri}">foo</a> blah.
      </p>
    </body>
  </html>
</jsp:root>

best,
-Rob


On Feb 5, 2009, at 6:28 PM, Christopher Schultz wrote:


André,

André Warnier wrote:
Actually, I was just perusing a page in the Tomcat 6 docs :
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

and it actually says, for the "cookies" attribute :
Set to true if you want cookies to be used for session identifier
communication if supported by the client (this is the default). Set to
false if you want to disable the use of cookies for session identifier
communication, and rely only on URL rewriting *by the application*.

André has the answer right here (though without details).

In order to get your application to rewrite URLs, you need to pass every single outgoing URL through the HttpServletResponse.encodeURL method (or
HttpServletResponse.encodeRedirectURL if you are using a redirect).

I've found that this detail is often overlooked in web applications.
Most JSP tag libraries and things like that do this transparently, so
you may not have even been aware that it was a requirement.

Good luck reviewing all that code ;)

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
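
An added example (not from this thread or the Tomcat project): a Python check for the code review described above, listing URL attributes in an XML-syntax JSP that are not routed through `<c:url>`. The attribute list, the skip rules for fragments and absolute URLs, and the sample document are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

XHTML = "http://www.w3.org/1999/xhtml"
JSTL = "http://java.sun.com/jsp/jstl/core"
# Elements/attributes holding outgoing URLs (assumed, non-exhaustive list).
URL_ATTRS = {"a": "href", "form": "action", "frame": "src", "iframe": "src"}
# Values the audit skips: fragments and absolute external URLs (assumption).
SKIP = re.compile(r"^(#|https?://|mailto:)", re.I)
EL_VAR = re.compile(r"^\$\{(\w+)\}$")

# Constructed sample: the JSP body from the message above, plus one link
# already routed through <c:url> and a few other cases.
SAMPLE = """<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
    xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
  <html xmlns="http://www.w3.org/1999/xhtml">
    <body>
      <p><a href="foo.jsp?id=${obj.id}&amp;foo=bar" class="foo">foo</a></p>
      <c:url var="uri" value="/bar.jsp"><c:param name="id" value="1"/></c:url>
      <p><a href="${uri}">bar</a> <a href="${other}">baz</a></p>
      <form action="save.jsp" method="post"/>
      <p><a href="#top">top</a> <a href="http://tomcat.apache.org/">docs</a></p>
    </body>
  </html>
</jsp:root>"""


def find_unencoded_urls(jspx_text):
    """Return (element, attribute, value) for URLs not produced by <c:url>."""
    root = ET.fromstring(jspx_text)
    # Variables defined by <c:url var="..."> anywhere in the document;
    # an attribute that is exactly ${var} for one of them counts as encoded.
    encoded_vars = {u.get("var") for u in root.iter("{%s}url" % JSTL) if u.get("var")}
    findings = []
    for name, attr in URL_ATTRS.items():
        for el in root.iter("{%s}%s" % (XHTML, name)):
            value = (el.get(attr) or "").strip()
            if not value or SKIP.match(value):
                continue
            m = EL_VAR.match(value)
            if m and m.group(1) in encoded_vars:
                continue
            findings.append((name, attr, value))
    return findings


if __name__ == "__main__":
    for name, attr, value in find_unencoded_urls(SAMPLE):
        print("unencoded <%s %s>: %s" % (name, attr, value))
```

The check only understands `<c:url var="...">`; URLs encoded in scriptlets or by other tag libraries would be reported and need manual review.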


