I have a Java web application that runs on a Tomcat server in a production environment. The application which is built with the Stripes framework works fine but almost every day exceptions are logged in the catalina.log files. Here is, for example, one of the log messages:
net.sourceforge.stripes.exception.ActionBeanNotFoundException: Could not locate an ActionBean that is bound to the URL [/admin/start/Welcome.action].
“/start/Welcome.action” is a valid URL but the URL “/admin/start/Welcome.action” is not present anywhere in my project files. I have no idea where it originates from.
Here are other invalid URLs that are also listed in the log files:
/wordpress/start/Welcome.action
/downloader/start/Welcome.action
/manager/start/Welcome.action
/admin/content/sitetree/start/Welcome.action
These URLs do not exist and have never existed in my application. Apart from them there is another group of ActionBeanNotFoundException messages about URLs that have once existed in the application but they do not any more.
Do you have an explanation of this? I asked this question to my hosting provider but they were unable to answer me. Any ideas would be appreciated!
There are two possibilities: Either some component in your web application generates such a URL - just in esoteric places that people rarely click on. If your application is available on the internet, those links in esoteric places might provide a place for the google bot (or any other bot for that matter) to try what's available in those locations, thus requesting the nonexistent URL. You don't need to go to bots for that matter, some browsers prefetch some URLs before you click.
Another option would be internet background chatter - various computers worldwide try to randomly identify vulnerable systems by just requesting well-known pages in order to find security holes in old software. The URLs that you mention (ending in .action) don't look like those though.
Related
I have a Java web app that deploys as a WAR to Tomcat 7.0.41 (myapp.war). I noticed that when I deploy the WAR to a Tomcat that lives in one part of our network, the web pages display perfectly fine. However, and this only happens in IE 11, if I take the exact same WAR and deploy it to the exact same version/Chef-configured-instance of a Tomcat server that lives in another part of our network, the page stylings look way different and completely wrong. Again, this is specific to IE11 and the location in the network that the app is served from. If I go to the app in IE 11 from a "good" location on the network, the frontend renders perfectly fine. Or if I view the app from a "bad" location on the network, but in a non-IE browser, again all is well.
I have a feeling that we might have some IT proxy (nginx, etc.) that is preventing Tomcat from serving certain CSS/JS files, and so the end result is a partially-complete frontend that looks all wonky in the browser. And somehow, this only crops up in IE 11.
I have (sort of) confirmed this by viewing the source of all my HTML, JS and CSS files and copying them to files in a local folder. I then open up one of the HTML files (locally) in a browser and the site displays perfectly.
The problem here is that my JS files use a bunch of open source JS libraries. And those libraries have dependencies on other libraries. So on and so forth, and the dependency graph is pretty huge. It's tough for me to tell which files are not being downloaded properly/completely.
Here's the kicker: if I add in html5shiv to my app then the problem goes away entirely, no matter which browser (IE or not) or what location in the network I choose. However adding html5shiv breaks other things in my app, and for reasons outside the context of this question, can't be used.
Anyone have any idea how I could troubleshoot/fix this? Why would this only be affecting IE 11 and not other browsers? Why is html5shiv solving this?!?
You need to start using Wireshark.
What it does is capture all network traffic and allow you to view it exactly as it was sent/received by your network card.
What I would do is capture the complete traffic that occurs between your computer and the server in the location where it is working, when you visit the webpage that has the problem. Then repeat that for the server that is not working.
You will then have the complete traffic and can compare them side by side. Even if it doesn't tell you the cause of the problem Wireshark will tell you where the difference is occurring in the packets that are sent by the two different servers.
You could also do it the other way round by running TCPDump (with command like tcpdump -i eth0 -w file.cap -s 0 to get the complete packets, rather than just the first X bytes) on the server, to capture the packets sent, and then viewing the capture in Wireshark.
"Does Wireshark offer such file-level abstractions or is it all nitty-gritty, byte-level output I need to read?"
Kind of both. Basically once you have the stream in front of you, you are able to see the individual requests starting by looking for GET entries in the packets.
Once you've identified where a file starts, you can right-click on that packet, choose follow TCP stream and it will give you a summarised view of that TCP stream:
If you need the detailed difference between the files, it will be there....but tbh it's probably going to be something obvious like a file being completely truncated or mangled, rather than just a byte or two being wrong in one of the files.
for my master thesis I need to keep track of google searches that the users perform. It should be a web project. At first I want to setup a server (that acts like a proxy) to monitor all actions (search queries) performed by the user.
The server should deliver the google search page. I need to keep track of the input the users make and the corresponding results returned from google as well.
My questen is now.. How should I start?
I am not really sure which webserver to use. Should I use tomcat / jetty / or something else?
What about Java Server Faces or Servlets? I worked with JSF long time ago but I am not sure whether its a good decision to use it.
The server should deliver the google search page. Here is my idea: The user connects to my server. The server "reads" the google page and returns it (the source code) to the user. I think of using a listener on the default search field to monitor the search queries of the users. But how is it possible to monitor the results returned from google? The google site itself uses JavaScript I guess. So when the user makes some input it is directly sent to google and the results are directly shown on the webpage thus my webserver does not see anything from the connection between the client and the google services.
The main idea is to monitor a search query and the corresponding search results.
I just need some help and ideas to get started. This is just a small part of my thesis. I do not want to start from zero during my editing time thus I want to make sure that I make the right choices before I start.
Thank you in advance... best regards.
You could use netty as a proxy and just filter and log all search queries. But then again why even use java? From what you describe you wan't to play man-in-the-middle and manipulate/log http traffic.
A quick google search came up with this for python: https://code.google.com/p/proxpy/
Edit: and similar in java https://github.com/adamfisk/LittleProxy
We develop a Java web application which is run on Tomcat. It's been installed on many computers and it's working without problems. Recently, on a single remote installation, it exhibits very strange behavior: Sometimes content coming through HTTP to the browser is randomly shuffled - wrong data being served for a given URL. Most often it manifests as images being randomly exchanged on a web page. But it's not limited to images, it happened to me that instead of a HTML page the browser got one of the images instead.
I tried to debug the problem using FireBug + NetExport, and so far I gathered:
It appears randomly. Most of the time content is error-free, the problem occurs only from time to time.
The same application runs on many installations, but only this single installation produces the error.
It's not connected to a particular browser - we tried different browsers from different computers and the problem persists.
It occurs when viewed from the server itself (localhost) too, which rules out some broken transparent proxy on the way.
Both images and HTML pages are affected.
If wrong content is received, the data itself is consistent: Content-Length, Content-Type, ETags, etc. - everything matches the content. Just that it's wrong data for a given URL.
I'm truly puzzled, I've never seen such an error. I'd be grateful for any ideas how to investigate the problem further.
we will have large files (up to 2 Gb) files on a web page, and want to have the functionality that the user can continue a download if it gets interrupted.
At the moment, the only solution i can come up with is a java applet, i have tried searching for any existing open source projects with this functionality but havent found any so far.
Would be thankful for any tips how to achieve this, or pointers to existing projects or documentation that can be useful.
I am open to any solutions, so it does not have to be java applet (important is that it works in the most common browsers)
You could serve it as a torrent instead of a simple file and let the user's BitTorrent client figure it out.
Assuming you don't want to do that, HTTP lets the client specify a range of bytes to download. The user's browser has to be able to recognize that the file the user wants to download is the same as the one that already exists in partial form and send the proper range headers to the server, and server has to honor them. You can probably take care of the server side, but the browser will have to hold up its end. Some "download manager" programs do this too.
For more information:
http://www.west-wind.com/Weblog/posts/244.aspx
What you need is a Java Download Manager
1. An open Source project exist in google
http://code.google.com/p/jdownloadmon/
HTTPDownloadConnection.java#method connect
2. What partial content range types this server supports
Accept-Ranges: bytes
http://en.wikipedia.org/wiki/List_of_HTTP_header_field
Accept Range will allow the user to pause and resume download.
3.http://stackoverflow.com/questions/3414438/java-resume-download-in-urlconnection
I'd like to create a service where people can enter external websites, after which the returned source will be modified by my application (for whatever purpose) and then returned to the user.
One would normally redirect all traffic through the server, so that the server is the one accessing the external source. This is because HTML5 and flash sockets cannot access external sources unless the external source has the required policy files (please correct me if this is false). Even if the user wants the client to, it still can't access these external sources if the external source itself does not have such policy file.
My question is: can a Java applet access an external source regardless of it's policy file, if the user allows it to? How is this usually done?
If not, is there anything else I can try? Redirecting all traffic through my server is not an option because of 1. high use of bandwidth and server resources for a free service and 2. a high chance of my server being marked as a spam bot or bandwidth hogger.
Thanks in advance.
Regards,
Tom
If choice of technology is not a problem you can use a Java Web start application.
Your application will be launched from a web page (if that is what you want)
After user-confirmation your application can do everything (similar to native apps)
I have actually done this with a Java web start application that used web services from servers other than the one it was launched from.