Java Jease CMS, Index page setup - java

I have converted my static website into Jease, through localhost:8080/cms, and I can access my website using the URL localhost:8080/index.html, and from there I can browse around my entire website. What I am not sure about is how I can configure Jease to go directly to the index.html page as soon as I type localhost:8080. Once I make it globally available, I want to make sure the index.html page is accessed through the mywebsite.com URL.
Any hints would be appreciated.
Thanks

I am using JeaseCMS 2.8 and the default page already is index.html according to web.xml file.
But this welcome file isn't necessary.

Related

Is it a security risk to show a path to a file inside WEB-INF java

Was wondering whether this would be a potential security risk. I have a Java servlet web app and at the bottom of every page, I generate a "report page problem" link which includes the original URL request as well as the path to the JSP that the request was forwarded to. The thing is, the JSP pages are sometimes in the WEB-INF folder. Is this a potential security risk, as I might be showing the contents of WEB-INF?
It might show that the request was forwarded to
/WEB-INF/views/user/ViewUser.jsp for example.
You could remove part of the path while printing it, and I do not see why users need to know from which JSP the request was forwarded. Otherwise it is not a very big problem, as Servlet containers won't serve any content in WEB-INF. By putting your JSPs there, you prevent anyone from directly accessing a JSP by navigating to it in the browser by name.

IE's Content Advisor redirect issue

We have some clients that use IE's Content Advisor, and when they switch pages the login pop-up appears. This is because we don't have a call for the labels.rdf file on each one of our pages (we have more than 500 pages).
The problem is that Content Advisor tries to search for ICRA's RDF file on the current page, but since we don't have this on each page, it tries to search at the same level as the index.html file, and we made a change so that if this kind of access to this path is made, we clear all the user's info, which raises the login page again.
We've already tried to call from index.html file a newly created labels.rdf file just like this:
<link rel="meta" href="http://www.example.org/corporate/labels.rdf" type="application/rdf+xml" />
First we saw that we didn't have access to this RDF file.
But it was fixed.
Then, when testing this, we saw that it never reaches this labels.rdf file, showing the login page again.
Does someone know how Content Advisor works, for a workaround here?
In case someone is looking for the solution, use secure cookies for session management. This worked for me.

Should I use URL rewriting to protect against XSS

Let's say someone enters the following URL in their browser:
http://www.mywebsite.com/<script>alert(1)</script>
The page is displayed as normal with the alert popup as well. I think this should result in a 404, but how do I best achieve that?
My webapp is running on a Tomcat 7 server. Modern browsers will automatically protect against this, but older ones, I am looking at you IE6, won't.
It sounds like you are actually getting a 404 page, but that page includes the resource (in this case a piece of JavaScript code) and doesn't do any converting of < and > to their respective HTML entities. I've seen this happen on several websites.
The solution would be to create a custom 404 page which doesn't echo back the resource to the page, or that does proper HTML entity conversion beforehand. There are plenty of tutorials you can find through Google which should help you do this.
Here's what I did:
Created a high level servlet filter which uses OWASP's HTML sanitizer to check for dodgy characters. If there are any, I redirect to our 404 page.
You should put a filter in your webapp to protect against an XSS attack.
Get all the parameters from the HttpServletRequest object and replace any parameter with value starting with with spaces in filter code.
This way any harmful JS script won't reach your server side components.

My web page does not render

I am developing an evaluation system. I have set up a dynamic web project in Eclipse (with Apache Tomcat) and have been able to successfully access and view the project when accessing it on my localhost. However, I just deployed it online (via a WAR) and when I access the site the web pages do not render. All that is shown is the code. I set the doc type and the content type in an HTML comment and a meta tag respectively. Why could this be happening? The site is deployed at (REMOVED) as of right now.
Firebug is a great tool to check the HTTP request/responses. Check the Net tab. Here are the HTTP response headers which I get when I access the site which you linked in the question:
Note the content type. It's wrong, it should be text/html. If you were using JSP to serve the response, then you probably had something like this at the top of your JSP
<%@page contentType="text/plain" %>
You should remove this (it already defaults to text/html) or, if in vain, replace it with
<%@page contentType="text/html" %>
If still in vain, contact the support of your hosting.

Redirect from docroot to an external url in glassfish

I've googled around and only found solution where they suggest putting an apache httpd in front of glassfish. Sure, that works.
But what if I do not wish to/cannot put any thing in front of glassfish?
Without using the index.jsp in the docroot of the domain to have something like:
<%
String redirectURL = "https://stackoverflow.com/";
response.sendRedirect(redirectURL);
%>
Can I make the browser be redirected when I point it to: http://my.glassfish.domain/ ?
To provide a little bit more details:
I tried adding a property to the virtual server as:
redirect_1 from=/ url=https://stackoverflow.com/
But that makes everything redirect to https://stackoverflow.com/, e.g. http://my.glassfish.domain/myapp redirects to https://stackoverflow.com/, while all I wanted was for http://my.glassfish.domain/ to be redirected to https://stackoverflow.com/
Any help please?
Maybe you can use UrlRewriteFilter to redirect users according to defined mappings. Here are some examples
I think the solution you dismiss is actually the 'best'...
Write a jsp in the docroot for the server.
If you really have to do something fancier, due to complications that you haven't described, you may want to try creating a new DefaultServer. Look in your domain-dir/config/default-web.xml.
You may want to look at the code of the DefaultServer that ships with GlassFish Server 3 as a guide.
Modify the DNS mapping for the given URL in your DNS server (/etc/host on your local machine). May not be a feasible solution for you, but it does the work of directing the user.
No you can not. When a request comes to your server, there should be a page (HTML/JSP/Servlet) to process that page. That page should do whatever you wanted to do.
So you must create a HTML / JSP / Servlet.
Hope this helps.
