I'm trying to use AntiSamy to prevent XSS attacks on my site. I downloaded the following jars and added them to "/WEB-INF/lib"
antisamy-1.5.3.jar
nekohtml.jar
xercesImpl-2.5.0.jar
along with a policy file antisamy-slashdot-1.4.4.xml in "/WEB-INF".
I tried to implement a filter through web.xml. A snippet of the servlet I'm using is
public class AntiSamyFilter implements Filter {
private static final Logger LOG = Logger.getLogger(AntiSamyFilter.class);
private final AntiSamy antiSamy;
public AntiSamyFilter() {
try {
URL url = this.getClass().getClassLoader().getResource("antisamy-slashdot-1.4.4.xml");
LOG.info("After getResource");
Policy policy = Policy.getInstance(url.getFile()); //Deployment fails
LOG.info("After Policy");
antiSamy = new AntiSamy(policy);
LOG.info("After antiSamy");
} catch (PolicyException e) {
throw new IllegalStateException(e.getMessage(), e);
}
}
}
The deployment fails after Policy policy = Policy.getInstance(url.getFile());. It's probably because of the path of the policy file.
Can someone please tell me where the policy file should be kept?
The url.getFile part fails because it couldn't find the antisamy-slashdot-1.4.4.xml file. I created a package in src/my/package and changed
URL url = this.getClass().getClassLoader().getResource("antisamy-slashdot-1.4.4.xml");
to
URL url = this.getClass().getClassLoader().getResource("/my/package/antisamy-slashdot-1.4.4.xml");
I also added batik.jar along with the other jar files. It solved my problem
Related
Currently I am unable to grab -> archive -> decrypt a file from an SFTP server. I have tested the logic using local directories but with no success using SFTP.
The connection appears to be established to the server as neglecting to pass the private key will result in a connection exception. When the key is being passed no exception is given from the route itself but no files are copied. What would be a potential solution or next steps to help in troubleshooting this issue?
I am using the absolute directory's in which the files would be stored from the sftp location.
CamelContext camelContext = new DefaultCamelContext();
camelContext.getRegistry().bind("SFTPPrivateKey",Byte[].class,privateKey.getBytes());
String sftpInput = buildURISFTP(input,inputOptions,connectionConfig);
String sfpOutput = buildURISFTP(output,outputOptions,connectionConfig);
String sfpArchive = buildURISFTP(archive,archiveOptions,connectionConfig);
camelContext.addRoutes(new RouteBuilder() {
public void configure() throws Exception {
PGPDataFormat pgpDataFormat = new PGPDataFormat();
pgpDataFormat.setKeyFileName(pPgpSecretKey);
pgpDataFormat.setKeyUserid(pgpUserId);
pgpDataFormat.setPassword(pgpPassword);
pgpDataFormat.setArmored(true);
from(sftpInput)
.to(sfpArchive);
//tested decryption local with file to file routing
.unmarshal(pgpDataFormat)
.to(sfpOutput);
}
});
camelContext.start();
Thread.sleep(timeout);
camelContext.stop();
public String buildURISFTP(String directory, String options, ConnectionConfig connectionConfig){
StringBuilder uri = new StringBuilder();
uri.append("sftp://");
uri.append(connectionConfig.getSftpHost());
uri.append(":");
uri.append(connectionConfig.getSftpPort());
uri.append(directory);
uri.append("?username=");
uri.append(connectionConfig.getSftpUser());
if(!StringUtils.isEmpty(connectionConfig.getSftpPassword())){
uri.append("&password=");
uri.append(connectionConfig.getSftpPassword());
}
uri.append("&privateKey=#SFTPPrivateKey");
if(!StringUtils.isEmpty(options)){
uri.append(options);
}
return uri.toString();
}
Issue was due to lack of knowledge around FTP component
https://camel.apache.org/components/3.18.x/ftp-component.html
Where it is specified that absolute paths are not supported, unfortunately I did not read this page and only referenced the SFTP component page where it is not specified.
https://camel.apache.org/components/3.18.x/sftp-component.html
Issue was resolved by backtracking directories with /../../ before giving the absolute path.
I am using Grizzly to serve my REST service which can have multiple "modules". I'd like to be able to use the same base URL for the service and for static content so I can access all these urls:
http://host:port/index.html
http://host:port/module1/index.html
http://host:port/module1/resource
http://host:port/module2/index.html
http://host:port/module2/resource
The code I'm trying to set this up with looks like this:
private HttpServer createServer(String host, int port, ResourceConfig config)
{
HttpServer server = GrizzlyHttpServerFactory.createHttpServer(URI.create("http://" + host + ":" + port + "/"), config, false);
HttpHandler httpHandler = new CLStaticHttpHandler(HttpServer.class.getClassLoader(), "docs/");
server.getServerConfiguration().addHttpHandler(httpHandler, "/");
return server;
}
With this code, I am only able to see the html pages and I get a "Resource identified by path does not exist" response when I try to get my resources.
When I comment out the code to add the HttpHandler, then I am able to access my resources (but don't have the docs of course).
What do I need to do to access both my resources and my static content?
I ended up writing a service to handle static resources myself. I decided to serve my files from the file system, but this approach would also work for serving them from a jar - you'd just have to get the file as a resource instead of creating the File directly.
#Path("/")
public class StaticService
{
#GET
#Path("/{docPath:.*}.{ext}")
public Response getHtml(#PathParam("docPath") String docPath, #PathParam("ext") String ext, #HeaderParam("accept") String accept)
{
File file = new File(cleanDocPath(docPath) + "." + ext);
return Response.ok(file).build();
}
#GET
#Path("{docPath:.*}")
public Response getFolder(#PathParam("docPath") String docPath)
{
File file = null;
if ("".equals(docPath) || "/".equals(docPath))
{
file = new File("index.html");
}
else
{
file = new File(cleanDocPath(docPath) + "/index.html");
}
return Response.ok(file).build();
}
private String cleanDocPath(String docPath)
{
if (docPath.startsWith("/"))
{
return docPath.substring(1);
}
else
{
return docPath;
}
}
}
One thing you can do is run Grizzly as a servlet container. That way you can run Jersey as servlet filter, and add a default servlet to handle the static content. For example
public class Main {
public static HttpServer createServer() {
WebappContext context = new WebappContext("GrizzlyContext", "");
createJerseyFilter(context);
createDefaultServlet(context);
HttpServer server = GrizzlyHttpServerFactory
.createHttpServer(URI.create("http://localhost:8080/"));
context.deploy(server);
return server;
}
private static void createJerseyFilter(WebappContext context) {
ResourceConfig rc = new ResourceConfig().packages("com.grizzly.test");
// This causes Jersey to forward 404s to default servlet
// which will catch all the static content requests.
rc.property(ServletProperties.FILTER_FORWARD_ON_404, true);
FilterRegistration reg = context.addFilter("JerseyApp", new ServletContainer(rc));
reg.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), "/*");
}
private static void createDefaultServlet(WebappContext context) {
ArraySet<File> baseDir = new ArraySet<>(File.class);
baseDir.add(new File("."));
ServletRegistration defaultServletReg
= context.addServlet("DefaultServlet", new DefaultServlet(baseDir) {});
defaultServletReg.addMapping("/*");
}
public static void main(String[] args) throws IOException {
HttpServer server = createServer();
System.in.read();
server.stop();
}
}
You will need to add the Jersey Grizzly servlet dependency
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-grizzly2-servlet</artifactId>
<version>${jersey2.version}</version>
</dependency>
The only problem with this approach is that the default servlet is meant to serve files from the file system, not from the classpath, as you are currently trying to do. You can see in the createDefaultServlet method I just set the base directory to the current working directory. So that's where all your files would need to be. You can change it to "docs" so all your files would be in the docs folder, which would be in the current working directory.
If you want to read files from the classpath, you may need to implement your own servlet. You can look at the source code for DefaultServlet and try to modify it to serve from the classpath. You can also check out Dropwizard's AssetServlet, which already does serve content from the classpath.
Or you can just say forget it, and just serve from the file system :-)
i have placed the wsdl files in
E:/testworkspace/projectname/docroot
WEB-INF
src
com
test
wsdl
if i give the full path say wsdlLocation = "file:E:/testworkspace/projectname/docroot/WEB- INF/src/com/test/wsdl/some.wsdl" , it picks the WSDL file.
but i need to make generic something like directly fetching:
#WebServiceClient(name = "TestInterfaceService",
wsdlLocation = "WEB-INF/wsdl/some.wsdl",
targetNamespace = "http://www.google.com/job")
public class TestInterfaceService extends Service {
public final static URL WSDL_LOCATION;
public final static QName SERVICE = new QName("http://www.google.com/job", "TestInterfaceService");
public final static QName TestInterfaceSoapHttpPort = new QName("http://www.google.com/job", "TestInterfaceSoapHttpPort");
static {
URL url = null;
try {
url = new URL("WEB-INF/wsdl/some.wsdl");
} catch (MalformedURLException e) {
java.util.logging.Logger.getLogger(TestInterfaceService.class.getName())
.log(java.util.logging.Level.INFO,
"Can not initialize the default wsdl from {0}", "WEB-INF/wsdl/some.wsdl");
}
WSDL_LOCATION = url;
}
Can you please suggest how to pick WSDL files independently from that of my local system, currently it throws the error Can not initialize the default wsdl from WEB-INF/wsdl/some.wsdl
You need a valid URL string to be able to create a new URL. If your service does expose the URL, it might be an option to use that.
If your client is a web application, another option is to make the wsdl available via your application and reference it from there using http://localhost/app/some.wsdl
Hope that helps
Not sure what you are trying to achive here, the configuration: wsdlLocation = "WEB-INF/wsdl/some.wsdl" is perfectly fine as long as WSLD file is under WEB-INF/wsdl, if you placed the wsdl in WEB-INF/src/com/test/wsdl and specifying WSDL location like this: wsdlLocation = "WEB-INF/wsdl/some.wsdl - of course it won't work, add your WSDL in WEB-INF/wsdl and all will be fine.
With tomcat 8 I have extend the WebAppClassLoader and add some jar filed from a shared location to the classloader path using addRepository() method. With tomcat 8 addRepository have been removed and new resource implementation have been introduced. I'm still able to use the addUrl method to add jar files. But I would like to implement the new resource based implementation.
I've tried with
DirResourceSet dirResourceSet = new DirResourceSet(getContext().getResources(), "/WEB-INF/lib", "/home/thusitha/lib/runtimes/cxf", "/");
WebResourceRoot webResourceRoot = getContext().getResources();
webResourceRoot.getContext().getResources().addPreResources(dirResourceSet);
But this is not working and still it throws classnotfoundexception
Can someone tell me how to map a directory which contains jars to a particular webapp using Tomcat new resource implementation?
A solution to this problem is to register your resources by overriding the ContextConfig class (org.apache.catalina.startup.ContextConfig). Catalina enters a starting state immediately after it scans your document path for resources. Most of the processing of those resources, such as annotations, is handled by the ContextConfig LifecycleListener. To ensure the resources are added before the context configuration takes place, override the ContextConfig.
final Context currentContext = ctx;
ContextConfig ctxCfg = new ContextConfig() {
#Override
public void lifecycleEvent(LifecycleEvent event) {
if (event.getType().equals(Lifecycle.CONFIGURE_START_EVENT)) {
WebResourceRoot webResourcesRoot = currentContext.getResources();
String baseDir = Platform.getBaseDir(); // Server Base Directory
File libDir = new File(baseDir + File.separator + "lib");
DirResourceSet dirResourceSet = null;
try {
dirResourceSet = new DirResourceSet(webResourcesRoot, "/WEB-INF/lib", libDir.getCanonicalPath(), "/");
} catch (IOException e) {
throw new RuntimeException(e);
}
webResourcesRoot.addPostResources(dirResourceSet);
String[] possibleJars = dirResourceSet.list("/WEB-INF/lib");
for(String libfile : possibleJars) {
WebResource possibleJar = dirResourceSet.getResource("/WEB-INF/lib/"+libfile);
System.err.println(String.format("Loading possible jar %s",possibleJar.getCanonicalPath())); // Just checking...
if (possibleJar.isFile() && possibleJar.getName().endsWith(".jar")) {
WebResourceSet resourceSet = new JarResourceSet(webResourcesRoot, "/WEB-INF/classes", possibleJar.getCanonicalPath(),"/");
webResourcesRoot.addPostResources(resourceSet);
}
}
}
super.lifecycleEvent(event);
}
};
ctx.addLifecycleListener(ctxCfg);
This is an undocumented solution that works on Tomcat 8.0.23. Considering the complexity and difficulty of this I can't say it is a better solution than adding jars directly to ClassLoaders.
I have a preliminary MyService generated with the wsimport gradle task with provided wsdl location path file:/D:/someLocationWherePlacedMyWSDl.interface.v2.wsdl
public class MyService
extends Service
{
private final static URL MyService_WSDL_LOCATION;
private final static Logger logger = Logger.getLogger(com.google.services.MyService.class.getName());
static {
URL url = null;
try {
URL baseUrl;
baseUrl = com.google.services.MyService.class.getResource(".");
url = new URL(baseUrl, "file:/D:/someLocationWherePlacedMyWSDl.interface.v2.wsdl");
} catch (MalformedURLException e) {
logger.warning("Failed to create URL for the wsdl Location: 'file:/D:/someLocationWherePlacedMyWSDl.interface.v2.wsdl', retrying as a local file");
logger.warning(e.getMessage());
}
MyService_WSDL_LOCATION = url;
}
}
How can I change it? It happens because the file was generated in one environment and then the artifact (war) was moved to another server.
Any thoughts?
Yes, I get it. Locally everything works perfectly. But this file located inside war file and when Jenkins trying to get this file /var/distributives/myservice/tomcat-base/wsdl/someLocationWherePlacedMyWSDl.interface.v2.wsdl I get exception (No such file or directory). It looks like it could not see files inside war file. Any thoughts how can I handle this?
Use the constructor of your service class, MyService, to pass the wsdlLocation.
String WSDL_LOCATION = "http://server:port/localtionWSDL.interface.v2.wsdl";
try {
final URL url = new URL(WSDL_LOCATION);
final QName serviceName = new QName("http://mynamespace/", "MyService");
final MyService service = new MyService(url, serviceName);
port = service.getMyServicePort();
// Call some operation of WebService
} catch (final Exception e) {
// Handle the exception
}
I solved this problem with relative path. Here is the solution
#Value("classpath:com//google//resources//wsdl//myservice.interface.v2.wsdl")
public void setWsdlLocation(final Resource wsdlLocation)
{
m_wsdlLocation = wsdlLocation;
}