we have a GWT application running fine in production environment, but we're noticing a strange behaviour in some rare, random cases.
The problem is that our home page (the GWT entry point) is stuck with a loading message.
Looking throw the generated network traffic, from the login attempt, to the loading message, we can see that the *.nocache.js is correctly loaded from the server (http 200) but the js file declared inside the *.gwt.xml file are not loaded (no server request at all).
It seems that the nocache.js file is loaded correctly, but not executed, thus the absence of the server requests.
Any help would be greatly appreciated.
Related
I manage a few Tomcat 9 applications that are run on a remote server that also use IIS 8.5. Each site has three environments (DEV, TEST, and PROD). All of the environments are the same but on different servers. Their databases (Oracle DB) are also on separate remote servers. I do not use any other third party frameworks for the sites (such as Maven or Gradle).
One of my applications had an issue where an attacker could access the web.xml through a Multiple Directory Traversal Vulnerability. Some brief information can be found here: https://www.securityfocus.com/bid/63052/exploit
However, I discovered on the DEV and TEST (I thought PROD as well) that the filter we put in place was actually causing the site to not work correctly. You'd put in your user and password and click login and nothing would happen. I seemed to have fixed it on the DEV and TEST environment by fixing the regular expression that my code was testing the URI against. Code:
final String REGEX_INCLUDED = ".*\\/WEB-INF\\/web.xml.jsf.*";
...
if (Pattern.matches(REGEX_INCLUDED, URI)) {
log.debug("SecurityFilter redirect");
resp.sendRedirect("/errors/403.html"); // /login.jsf OR /index.html
} else
chain.doFilter(request, response);
I deployed the new war onto PROD, entered my user and password and it would load. The site redirects to the homepage after login, BUT it doesn't actually load if that makes sense. The response is a generic 502 error (shown below) but the URL does, in fact, say /home.jsp where it should respond with the homepage.
502 Error
I've checked the catalina log and I've not found a stack trace or any sign of an error being output. No other logs are useful either in showing what the issue is. I've tried just clearing my cache and retrying, using a different browser, restarting the tomcat service, restarting the site in IIS and nothing.
If there is something I'm missing that you wish to see let me know. BTW, I've tried removing the filter that blocks access to the web.xml just to make sure it wasn't the issue and both with and without the filter, it results in the 502 error.
Thanks in advance for any help.
Answering my own question: I had looked around everywhere and only after posting I found a related post:
502 proxy error on deployment
Their answer helped. The difference between my PROD environment and my DEV/TEST environments is that PROD is on a Proxy. I went to IIS on the server and found the server farm that the site used. I then clicked on the Proxy option and changed my timeout from 30 seconds to 60 seconds. Looks like my proxy was timing out. Hope this helps someone in the future.
I have a GWT Web App (which requires a login) that calls a method on the Servlet (running in Tomcat) to generate a PDF file. The Servlet returns a URL to the file and opens the PDF in an iFrame.
Frame frame = new Frame(reportUrl);
frame.show();
Upon closing the frame (or browser), a request is made to delete the file that was generated server side. Now here is where the problem lies. If I log out of the web application, and open a new tab in IE, it shows the URL in the history that was used to display the PDF. Ideally this file is no longer accessible since it has been deleted on the server, and the user is no longer logged in, however the PDF still displays in the new tab. I assume this is because the PDF file is being cached.
I am unable to reproduce this behavior in Chrome, so I assume the file either isn't being cached in Chrome, or Chrome just handles things a little differently. Long story short, how do I make sure the file/url is no longer accessible once the user logs out of the web app?
Theoretically this is impossible, as you can't remotely clear the client-side cache. Also the user may have used wget or whatever to download the file so you can't assume information will be 100% inaccessible after the session has expired.
That being said, caching hints in the HTTP response headers can to some extent steer what a (well-behaved) client caches. As always implementation differs accross browsers. You can set HTTP headers either from your servlet directly in Java, or you can add them for instance from Apache HTTPD specifying cache headers for instance for all PDF downloads.
There are many resources on cache headers in HTTP, here's a good one: http://www.mobify.com/blog/beginners-guide-to-http-cache-headers/
I've also seen that HTTPS connections cause IE to be much stricter in what it caches, not sure if that is relevant/an option for you.
I have a somewhat baffling issue running a webapp in Apache Tomcat.
After deploying the page works fine, but sometime during the day, a page inevitably fails to compile.
The issue is not with the page itself, the page changes daily, which page seems to be determined by the order/frequency of access.
If nobody has accessed the log page during the day, that's the page that will break down.
If the log page has been accessed, it will keep on working until the next deploy, but another page page will break down.
By break down i mean:
http://codepad.org/V1yosH8k (jsp, more prevailant)
Stacktrace: http://codepad.org/P9VpXBRW (java)
ClassNotFoundException/NoClassDefFoundError: Obviously the class does exist, it works fine if accessed early after deploy.
It happens on the live server, but am unable to reproduce it on my dev machine.
Running apache tomcat 6 with JAVA_OPTS "-Xms1024m -Xmx1900m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=768m -XX:MaxPermSize=768m"
Anyone able to give me a push in the right direction?
I shifted from Eclipse to Jdeveloper. I had a weird problem that I was able to solve but not able to understand.
Whenever I made any changes in HTML in Jdeveloper's web projects the changes were not reflected when I ran the HTML again. The old webpages kept coming in the webbrowser. Same source code. Same CSS/JS. I found that as long as there were proxy settings in my web browser the changes were not reflected. But if I switched off the proxy the changes made in HTML were reflected i.e webpage were displayed with the changes made from last time.
By proxy set I mean proxy setting placed at the following
Window -> Start Menu -> internet options -> Connections -> LAN Settings -> Proxy Server
I have tried to run the resulting URL on Google chrome, Firefox and internet explorer. As long as the web browser was using proxy the changes made in HTML were not shown by running it again.
In Eclipse Juno I simply had to clean Tomcat's directory to get changes reflected.
Anyone can explain why this happens?
Web servers return HTTP headers with every response, and usually those headers specify how long the response can be cached for. Proxy servers read those headers and make a decision whenever they see the same request again -- whether to propagate that request to the server again, or to simply return the cached copy of the response.
You can modify your server's configuration so that it the next time it tells the proxy server not to cache pages. However, some proxy servers are mis-configured or broken, and will cache pages that they are not supposed to cache.
For those cases, one ugly solution that works is to give your JS and CSS files new names whenever you change them. For example, if your index.html file includes index.css and index.js, and you make a change to index.js, you can save the changed file as index.2.js and change the tag in your index.html file to point to index.2.js from now on.
That's a bit drastic, but it works. A simpler solution to start with is to refresh your page using Shift-F5 rather than just F5 (in your browser). That tells the browser to force a refresh of all cached pages, whenever possible.
This seems tied to your proxy server type. There are several proxy server types, one of which is a "Caching Proxy Server". Which, if many users are connected to it, allows static pages to be stored locally on the server for repetitive requests from the client(you). When you change the proxy it is most likely just sending you an updated copy due to not having you as an active client, or being that you are a new user.
I would assume that the content on the new software you are building is precaching saved page names where as Eclipse Juno is was generating real time screens on the fly, bypassing the cached server option.
I'm working on an assignment. An online order system using EJB 3.0. im using jDeveloper 10 and oracle 10g for the database. i have coded around 20%, now i need to check the system that i have developed so far. so when i run the web client it does not show me any error and it runs successfully. but when the browser tries to open the page it says. HTTP 500 internal error on the browser. My jsp page is under web directory anyway. output pic is attached.
how could solve this issue?
Are there any log files on your web server ?
Put in your code some statement to log to file what is doing.
Use a browser with developer support, like Firefox with Firebug, and watch the HTTP transactions.
Which other conditions change between web client and browser mode ?
how could solve this issue?
Look at the log files in your EJB server. There will probably be an entry or entries corresponding to your browser's attempting to fetch the page that resulted in the 500 error. They should give some information about what is happening, and may even give you a stack trace. Also check the SEVERE / ERROR / WARNING entries prior to the event.
If that doesn't give you an answer, you need to investigate what is different about the requests when they come from your web client versus from your browser. If your EJB implementation has a way to capture the incoming request headers, use that. Otherwise, you could use wireshark or tcpdump to capture them.
Thanks for your contributions.
I guess it was something wrong with my jdeveloper 10. i installed the jdeveloper 11 n i started running on it. the project started to run successfully.