We Keep Coding

Use #WebFilter from another library without web.xml

I have a webfilter shared between all my webapps.
#WebFilter(urlPatterns="/*")
public class ApiOriginFilter implements Filter {
#Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
... do something
}
}
Let's say ApiOriginFilter belongs to package org.commons.
Now my webapp.ear imports a common library with ApiOriginFilter.
To make the filter work properly, I had to include it into web.xml, because it seems that if filter belongs to another library it's not enabled by default.
<filter>
<filter-name>ApiOriginFilter</filter-name>
<filter-class>org.commons.filter.ApiOriginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ApiOriginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Is there any way to make it work without declaring in web.xml ?

How to exclude specific path from web.xml?

I have this configuration:
<servlet-mapping>
<servlet-name>RestletServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
I need to exclude "/xrebel" since Restlet is catching this path--and can't access XRebel. However I need to keep the url-pattern to be /*
What can be done to be able to access such /xrebel path

I had the same issue while developing Web Services last year. But after doing a lot of research I found that there was no easy to do solution for the problem.
Instead the best approach I found was to use prefix servlet URL.
So for all the mappings which you want to be handled by RestletServlet add a prefix to url something like /rest/*
Hope this helps.

One possible solution is to create a filter with the same url pattern to intercept the request.
In your filter you can check if the pattern is equal to /xrebel and then handle the request however you want to.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
System.out.println(requri);
if(requri.equals("/xrebel")){
//do something else
}else{
chain.doFilter(request, response); //continue normally
}
}

x-power-by display in response header

As per the security of web application x-power-by should set to empty when it displays in response header..
In our application we did this by implementing a filter.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
// App specific logic...
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("X-Powered-By","");
chain.doFilter(request, response);
httpResponse.setHeader("X-Powered-By"," ");
}
It is showing blank value in response header for x-power-by when hitting the URL, That's well and good but in our application when we hit the URL with query string appended with the URL then for the first request it shows :
x-power-by= JSF1.2
We have also commented out the below portion of x-power-by in web.xml as our application use jboss 5.0.1.
<filter>
<filter-name>CommonHeadersFilter</filter-name>
<filter-class>
org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
<!--
<init-param>
<param-name>X-Powered-By</param-name>
<param-value>Servlet 2.5; JBoss-5.0/JBossWeb-2.1</param-value>
</init-param>
-->
</filter>
But doing all the two things mention above I am getting x-power-by displayed in the response header when I hit the URL with query string appended for the 1st time.
URL like:
https://example.com?html="abcd",p_ab="shdhsgdhs"
Don't know how to resolve it,any help is highly appreciated.

1) Add following entry to your application web.xml.
<context-param>
<param-name>com.sun.faces.sendPoweredByHeader</param-name>
<param-value>false</param-value>
</context-param>
2) I don't think you need any filter to overwrite this header (based on jboss documentation).

Why live AppEngine is not calling my servlet filter?

I have a servlet filter written for my app engine project.
It is being called from the local development machine.
But it is not called when I put the code in Google App Engine live server.
Can anybody explain why?
This is how it is mapped in web.xml
<filter>
<filter-name>ErrorHandlerFilter</filter-name>
<filter-class>com.fms.advocacy.filters.ErrorHandlerFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ErrorHandlerFilter</filter-name>
<url-pattern>/_ah/api/*</url-pattern>
</filter-mapping>
And this is the filter.
public class ErrorHandlerFilter implements Filter {
private static final Logger log = Logger.getLogger(ErrorHandlerFilter.class.getName());
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
log.warning("Entered ErrorHandlerFilter!!");
}
}
PS: I am using Google Cloud Endpoint for coding my APIs

The issue was with the <url-pattern>/_ah/api/*</url-pattern>.
In server the url is changed to <url-pattern>/_ah/spi/*</url-pattern>
Now it is working.

Custom servlet gives 404 on Tomcat 6, works fine on 7

In my Tomcat 7 web app, I had a servlet for private PDF files: if not logged in, forward the user to the login page; otherwise, use the default servlet to show the page.
#WebServlet(name="pdfServlet",urlPatterns={"/pdf/*"})
public class PDFServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
if (!isLoggedIn(request, response)) {
getServletContext().getRequestDispatcher("/login.jsp").forward(request, response);
} else {
getServletContext().getNamedDispatcher("default").forward(request, response);
}
}
}
Recently, I had to transfer the website to another host which uses Tomcat 6. I removed the #WebServlet annotation, which is not supported in Tomcat 6, and instead added the following to my app's WEB-INF/web.xml, as well as downgrading the servlet specification from 3.0 to 2.5:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
[...]
<servlet>
<servlet-name>pdfServlet</servlet-name>
<servlet-class>com.myapp.PDFServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>pdfServlet</servlet-name>
<url-pattern>/pdf/*</url-pattern>
</servlet-mapping>
</web-app>
However, though the forwarding still works when not logged in, I get a 404 error if the user is logged in, when the default servlet tries to serve the page. It still works fine on my Tomcat 7 version of the site, even with the modifications to the code to make it backward-compatible; it also works fine when the PDF servlet is removed, but then it allows anyone to access the private PDFs.
Why is the default servlet not correctly serving the pages in Tomcat 6 only?

It seems to be a bug in tomcat https://issues.apache.org/bugzilla/show_bug.cgi?id=50026
As suggested by #1" a filter can do the job, here is how it should look:
public class SampleFilter implements Filter {
FilterConfig config; //setter and getters ommited
#Override
public void init(FilterConfig filterConfig) throws ServletException {
this.config=filterConfig;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
if (!isLoggedIn(request, response)) {
getFilterConfig().getServletContext().getRequestDispatcher("/login.jsp").forward(request, response);
} else {
chain.doFilter(request, response);
}
}

I solved this by using a Filter instead of a Servlet. I am still curious about why the error occurs, though.