i want to create url pattern that lead to filter in jsf2.
I tried this code
<filter-mapping>
<filter-name>filter</filter-name>
<url-pattern>www.mysite.com</url-pattern>
</filter-mapping>
but i don't get to my filter.
can you help?
thanks
You are expecting to map the URL path, i.e. the part of URL that follows host and your web application name.
This is how full URL looks like:
http://www.mysite.com:8080/myapp/path1/path2/path3
where:
8080 is a port - optional - default 80
myapp - the context path of your web application. It is empty if your application is default web application on your app server.
path1/path2/path2 the path. This is what you are mapping using <filter-mapping> tag.
So, if for example you want to pass through your filter all requests to JSP pages say:
<url-pattern>*.jsp</url-pattern>
If your UI is under directory ui and you want to filter such requests say:
<url-pattern>/ui/*</url-pattern>
etc.
I hope I get this right:
You want to point an URL to your already created ServletFilter in your JSF 2.0 web application?
You have to register your filter in your webapps web.xml file and map it to your desired URL, e.g.
<!-- register your filter -->
<filter>
<filter-name>YourFilterName</filter-name>
<filter-class>com.your.filter.class</filter-class>
</filter>
<filter-mapping>
<filter-name>YourFilterName</filter-name>
<!-- Mapped to any URL -->
<url-pattern>/*</url-pattern>
</filter-mapping>
Related
I have a WAR file deployed to the root context (/) on Tomcat 8, which has a servlet filter attached to it. The filter checks to see if the user is logged in and if not redirects them to the login page. I also have other contexts deployed in the same Tomcat instance at /app1 and /app2. I want the filter in the root context to also apply to the other contexts, so I don't have to maintain three nearly identical filters (one for each context).
The problem is any URL that falls in the other contexts is not being handled by the filter in the root context. For example, the URI /foo/bar is caught by the filter (because it doesn't correspond to one of the other contexts), but /app1/foo/bar is not caught.
I've tried configuring the filter to catch everything by modifying the filter mapping in the web.xml file:
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and I've also tried explicitly adding each context:
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
<url-pattern>/app1/*</url-pattern>
<url-pattern>/app2/*</url-pattern>
</filter-mapping>
but neither approach worked. I assume it's a security issue--the other contexts need to explicitly allow the root filter. How do I get this to work?
You can't get this to work. Web applications are independent. Requests are mapped to web applications before any Filters or Servlets are mapped.
You best bet with Tomcat (assuming you don't want multiple filter definitions) would be to re-implement your filter as a Tomcat Valve and configure the Valve on the Host.
I have 2 domains for my site which is hosted in google app engine. I want to 301 redirect any request on the less desirable domain to the more desirable domain.
I have tried adding the following to my web.xml
<servlet>
<servlet-name>WebServlet</servlet-name>
<servlet-class>com.wmar.api.WebServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>WebServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>redirectFilter</filter-name>
<filter-class>com.wmar.api.WebFilterRedirect</filter-class>
</filter>
<filter-mapping>
<filter-name>redirectFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
For the servlet it hits it, but then I don't know how to just load the static resource (ideally just passing onto some default static file handler) if the domain is correct.
For the filter it doesn't hit it.
What is the best way to achieve what I want with servlet 2.5 / google app engine java?
Thanks
I realize now that the current ideal solution is to create a separate app engine project and point non-canonical domains at it which has a simple servlet that just 301 redirects to the canonical domain.
For Http to https 301s app.yaml can be used with secure: always.
As noted by konqi there are undesirable side effects by trying to do it all in the one app engine project/module.
My application is served from this URL -http://t4.gav.com/gui
Now I have added a Servlet filter to filter all requests with /gui/* pattern.
<filter>
<filter-name>AccessCheckFilter</filter-name>
<filter-class>t4.AccessCheckFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AccessCheckFilter</filter-name>
<url-pattern>/gui/*</url-pattern>
</filter-mapping>
I'm not sure why mistake Im doing. If I just give root "/" its working.
If your application is served at http://t4.gav.com/gui most probably your context path of your application is /gui. Which means, whatever you configure on your Servlet Filter is relative to this context path. This is why / is working.
Based on your configuration the container will filter the requests on URL /gui/gui/*.
I have two applications running on 2 different servers (one on tomcat and other on JBoss). Both these applications are connected to the same CAS server for authentication. Right now this CAS server also resides within the same JBoss.
Say:
App-1 --- is on tomcat and CASified
App-2 --- is on JBoss and CASified
CAS --- is on JBoss
Now that I am invoking an url of App-1 from a browser. The CAS login page comes up and after username/password is provided, the request now successfully enters the servlet of App-1. From this servlet code, I am trying to invoke a webservice that resides inside App-2.
Note: I use axis2 for this webservice and the axis2.war is also CASified
to the same CAS server for authentication.
I could not make this webservice call work no matter what I do. Is there a way to achieve this?
Note: If I call the CAS REST api with a hardcoded username/password, I am
getting the TGT, through which I am able to get the Service Ticket, with
which I am able to invoke that web-service. But I do not want to login again
with a hard-coded username or password. My webservice invocation should
happen with the already logged-in user only.
When you call the web service on App-2 are you getting a session cookie back? This should be the mechanism by which you're continuing to have access without reauthenticating on each call. If you're not getting a cookie back, then there's no way in which to continue access without authenticating each time (i.e. there's no way for the server to remember that it's you and that it should trust the rest of the message).
This is possible by using the CAS Proxy feature.
The link
https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
helped a bit. But could not understand where to start with.
First take the CAS client jar from http://downloads.jasig.org/cas-clients/ . In my case I took cas-client-core-3.3.3.jar jar. I have included this jar in my application war.
In the web.xml of my application I have included the following 3 CAS Filters.
<!-- CAS Filters -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://cas-hostname.domainname:port/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://app-hostname.domainname:port</param-value>
</init-param>
<init-param>
<param-name>proxyCallbackUrl</param-name>
<param-value>https://app-hostname.domainname:port/app/ticket</param-value>
</init-param>
<init-param>
<param-name>proxyReceptorUrl</param-name>
<param-value>/app/ticket</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://cas-hostname.domainname:port/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://app-hostname.domainname:port</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- filter mappings -->
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/app/*</url-pattern>
<url-pattern>/ticket</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
Note-1: The order of filter mapping should be as mentioned above.
First CAS Validation filter mapping should come, followed by CAS
Authentication Filter and last the CAS HttpServletRequest Wrapper
filter.
Note-2: The URL pattern /ticket which is basically your proxy callback
url need not be mentioned in the last two filters.
Once CAS client jar is included in the web-app and web.xml configured with these filters, then all the http requests go through these filters.
So once your http requests entered your servlet, then you can call the following code snippet to get a proxy ticket:
String proxyTicket = ((AttributePrincipal) req.getUserPrincipal())
.getProxyTicketFor(webservice_url);
req is the HttpServletRequest Object and AttributePrincipal is a class which is present in the cas-client-core-3.3.3.jar
This proxyTicket can then be appended to your web-service's URL as a query string like the following:
https://myother-webservice-app.com/ws/myData?ticket=<proxyTicket>
Once this URL is constructed, then you can make the web-service call programmatically.
Hope this helps.
If I use CAS server and my application in the same machine, logout is working fine for me. But if CAS server is deployed on the different machine and my application is deployed on the different machine, then cas logout is not working.
I am calling the following url from my application:
CAS Server URL: https://108.51.62.36:9443/cas/logout
And I have got the following entries in web.xml of my application:
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Included to support Single Logout. Note that the SingleSignOutFilter
is included in the springSecurityFilterChain. However, it could also be placed
as the first filter-mapping in the web.xml -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Whe you use CAS, this create a secure cookie domain. You can see the value and modify in WEB-INF/spring-configuration:
ticketGrantingTicketCookieGenerator.xml
warnCookieGenerator.xml
So, I suggest don't use Ip. Use another like https://my.domaing.com:9443/cas/logout