Any of you guys have enabled SSI (ServerSide Includes) in JBoss? I guess it should be not difficult as it is built on top of a Tomcat instance.
Tomcat already includes in catalina.jar the org.apache.catalina.ssi.SSIServlet so just declare the servlet and attach it to a mapping URL, by setting this in the applications web.xml
<servlet>
<servlet-name>ssi</servlet-name>
<servlet-class>
org.apache.catalina.ssi.SSIServlet
</servlet-class>
<init-param>
<param-name>buffered</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>expires</param-name>
<param-value>60</param-value>
</init-param>
<init-param>
<param-name>isVirtualWebappRelative</param-name>
<param-value>1</param-value>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
I put all the parameters, you can see their definition in this Tomcat SSI reference.
As the doc says, SSI can bypass security policies so it must be privileged, do this changing the context.xml located in jboss-web.deploy inside the deploy folder. Just add privileged="true" to the root element.
<Context ... privileged="true">
The servlet will just act as a proxy for the files matching the URL of its mapping.
Related
I have been trying (for about a day now) to figure out how to send a #POST request from my client to my web service but I am getting a 403 error and I have no idea why. I have tried editing my web.xml files to allow the correct authorization but it still isn't working. Below are my WEB-INF web.xml and Tomcat web.xml files. Any help would be greatly appreciated, this has been beyond frustrating. Also, I am very new to both Tomcat and Jersey so it very well could be a very stupid/simple error.
Specs
OS X El Capitan 10.11.2
Tomcat Version 7.0 Server
Eclipse JEE Kepler R Cocoa x86_64
Jersey 2.23.1
JRE 1.7
Postman as my client (Google chrome ext)
Server web.xml
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>readonly</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Connection,Content-Type,Host,Origin,Referer,Token-Id,User-Agent, X-Requested-With</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
WEB-INF web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- This web.xml file is not required when using Servlet 3.0 container,
see implementation details http://jersey.java.net/nonav/documentation/latest/jax-rs.html -->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>Jersey Web Application</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.example.messenger</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey Web Application</servlet-name>
<url-pattern>/webapi/*</url-pattern>
</servlet-mapping>
</web-app>
That should not happen. Your error is handled somewhere. Look these annotations:
#ControllerAdvice
#ResponseStatus(HttpStatus.FORBIDDEN)
#ExceptionHandler(YourException.class)
This example (https://wolfpaulus.com/journal/java-journal/jersey/) has a somewhat altered web.xml:
<display-name>Jersey Web Application</display-name>
<servlet>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
That example page seems to highlight your exact environment (except the author uses IntelliJ rather than Eclipse... but you can download the community edition for free, and Java 8 rather than 7) - so you may want to follow along with it to get up and running.
I am setting the development environment for a product on which I have to work.
Into the tutorial I found that it say that I have to modify the TomCat web.xml configuration file adding these line into the section:
<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>
What exactly do this setting?
Tnx
My understanding is this is a parameter that's nested inside a
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
According to a tutorial -
"If you wish, you can modify Tomcat's settings to reduce the amount of
white space in HTML that is created from JSPs (Java Server Pages).
White space is controlled by the trimSpaces parameter in the JSP
compiler."
I followed the guide found here:
https://github.com/wordnik/swagger-core/wiki/Java-JAXRS-Quickstart
Here is my POM:
<!-- SWAGGER -->
<dependency>
<groupId>com.wordnik</groupId>
<artifactId>swagger-jersey-jaxrs_2.10</artifactId>
<version>1.3.0</version>
</dependency>
The Annotations are found fine, so i am assuming the POM is working OK
For WEB.xml, I tried doing multiple things, following the guide:
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet
</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.thomsonreuters.ips.service;com.wordnik.swagger.jersey.listing</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
<!-- SWAGGER serverlet? -->
<servlet>
<servlet-name>JerseyJaxrsConfig</servlet-name>
<servlet-class>com.wordnik.swagger.jersey.config.JerseyJaxrsConfig</servlet-class>
<init-param>
<param-name>api.version</param-name>
<param-value>1.0.0</param-value>
</init-param>
<init-param>
<param-name>swagger.api.basepath</param-name>
<param-value>http://localhost:8080/{PROJECTNAME}</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
but this throws a wild error when i try to reach:
localhost:8080/{PROJECTNAME}/service/api-docs
HTTP Status 500 - java.lang.NoSuchMethodError: com.wordnik.swagger.annotations.ApiOperation.authorizations()Ljava/lang/String;
next I saw around the googleverse to modify the web.xml to the following:
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet
</servlet-class>
<init-param>
<param-name>api.version</param-name>
<param-value>2.0</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.thomsonreuters.ips.service;com.wordnik.swagger.jaxrs;</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
note the api.version and the new jaxrs init param.
when that happens, and i go to
http://localhost:8080/ScholarlyItemService/service/api-docs
i get no errors, but i do get useless webpage:
{"apiVersion":"0.0","swaggerVersion":"1.2"}
I think you almost have it. What you see is not a useless webpage, it's rather the documentation of your service built by swagger as a json document. You have to annotate your code as shown in the Quickstart guide. This should show up in this document.
What you may actually want is the Swagger UI: http://swagger.wordnik.com/ to see this document in a readable way.
It took me a moment, but I got it running. You have to download from here: https://github.com/wordnik/swagger-ui, and copy the contents from the dist folder to your /webapp folder. You can then open the contained index.html in a browser. In my case, I could not access this document directly, so I had to put the dist' contents in a subfolder (e.g. /docs) and exclude this from my servlet mapping in web.xml as described here: http://blog.ericdaugherty.com/2010/02/excluding-content-from-url-pattern-in.html.
In the index.html change the url: "http://petstore.swagger.wordnik.com/api/api-docs",
part to your api endpoint http://localhost:8080/ScholarlyItemService/service/api-docs and you will get your api documentation when calling http://localhost:8080/ScholarlyItemService/docs/index.html
I am learning Servlets.
In web.xml of an application, I found the following Servlet code.
Can somebody please explain me the significance of the code
<servlet id="Servlet_1060120206078">
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param id="InitParam_1060120206077">
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param id="InitParam_1060120206076">
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param id="InitParam_1069371544495">
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<init-param id="InitParam_1069371544496">
<param-name>validate</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
Thanks
Nirmalya
This is just defining a servlet (in this case a FrontController for Struts) that is used to handle requests. Later on in the file I'm sure you'll also find a servlet mapping that maps this servlet to http requests.
The <init-param> elements are key/value pairs that the servlet can read on startup. Struts uses these for configuration.
All the InitParam_XXX stuff is un-necessary, my guess is that it was machine generated by some editor.
Check this out for more details:
http://netbeans.org/kb/docs/web/quickstart-webapps-struts.html
I have Vaadin web application with spring security integration for authentication. The configuration of the Vaadin servlet is pretty simple:
<servlet>
<servlet-name>Vaadin Application Servlet</servlet-name>
<servlet-class>com.example.SpringApplicationServlet</servlet-class>
<init-param>
<param-name>applicationBean</param-name>
<param-value>mainApplication</param-value>
</init-param>
<init-param>
<param-name>widgetset</param-name>
<param-value>com.example.widgetset.CustomWidgetSet</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Vaadin Application Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
The servlet initializes the Spring Context and returns the Vaadin application. I have also configured the security for that and have a custom login form configured like this:
<servlet>
<servlet-name>login</servlet-name>
<jsp-file>/jsp/login.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>login</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>login_error</servlet-name>
<jsp-file>/jsp/loginError.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>login_error</servlet-name>
<url-pattern>/login_error</url-pattern>
</servlet-mapping>
The login form is styled with an external css and there are also some images. Basically the images are located in /jsp/img and the stylesheet in /jsp/login.css. So the WAR structure looks like:
/jsp
/META-INF
/VAADIN
/WEB-INF
Neither the images nor the css gets loaded, because obviously all those requests are mapped to the vaadin servlet. How can I define some static resources directory, which wouldn't be served by the Vaadin servlet? I have tried the spring mvc:resources but that didn't work. Thank you for your help.
Bye,
Filip
I have figured this out. Although it is rather a workaround. I have mapped the Vaadin Application Servlet to something like /app/* instead of to /* (Remember that in this case you also have to map the same servlet to /VAADIN/*). With this configuration I am able to access the jsp directory from my webapp and everything works fine. I have deleted the whole Spring Resources configuration, as this just didn't work.
So once more, I am still pretty not pretty comfortable with this solution and would rather have my RESOURCES dir configured other way, but the client is happy :). If anyone has got the right solution I would appreciate to read it.
Use a url rewrite filter to get more contro on url mapping.
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
then map Vaadin application to /vaadin for example and configure url maping in urlrewrite.xml
<rule>
<from>/styles/**</from>
<to last="true">/styles/$1</to>
</rule>
<rule>
<from>/images/**</from>
<to last="true">/images/$1</to>
</rule>
<rule>
<from>/**</from>
<to>/vaadin/$1</to>
</rule>
<outbound-rule>
<from>/vaadin/**</from>
<to>/$1</to>
</outbound-rule>
EDIT
Other option is put static files in /VAADIN/ directory.
I have figured this out. Although it is rather a workaround. I have mapped the Vaadin Application Servlet to something like /app/* instead of to /* (Remember that in this case you also have to map the same servlet to /VAADIN/*). With this configuration I am able to access the jsp directory from my webapp and everything works fine. I have deleted the whole Spring Resources configuration, as this just didn't work.
So once more, I am still pretty not pretty comfortable with this solution and would rather have my RESOURCES dir configured other way, but the c
Might be late but for who is still having problems with serving static content while using vaadin /* mapping, the solution I found was using apache's default servlet org.apache.catalina.servlets.DefaultServlet, so a web.xml will have something like:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>myservlet</servlet-name>
<servlet-class>com.vaadin.server.VaadinServlet</servlet-class>
<init-param>
<param-name>UI</param-name>
<param-value>com.ex.myprj.MyUI</param-value>
</init-param>
<!-- If not using the default widget set-->
<init-param>
<param-name>widgetset</param-name>
<param-value>com.ex.myprj.AppWidgetSet</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>myservlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Static content Servlet</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Static content Servlet</servlet-name>
<url-pattern>/customer/*</url-pattern>
</servlet-mapping>
</web-app>
So in the example above, despite having vaadin at /*, the /customer/* part will be served as static content by the DefaultServlet