Goal: User tries to access page without authentication. Site redirects to login page, when they enter details they are returned to the page they were trying to access.
I have a filter which records the last url the user was at in the session. The following code is how i get the uri.
String uri = request.getRequestURI().toString();
String queryString = request.getQueryString();
String completeUri = uri;
if (queryString != null)
{
completeUri += "?" + queryString;
}
In practice this filter seams to be catching external css files, individual images on a page etc so about half the time it works and half the time its pointing to an image or css file.
The mapping for the filter is...
<filter>
<filter-name>ComprehensiveFilter</filter-name>
<filter-class>core.website.control.filter.ComprehensiveFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ComprehensiveFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
So question is. Why does my code store images and external files instead of the url the user was just at? I assume it has something to do with my mapping of the filter.
You should use this code only in case you detect unauthorized access and redirect to the login page. And you should pass it as param, like response.sendRedirect("login.jsp?" + completeUri)
Now, if the filter is applied to every resource (as you do), it will be triggered for images and css files that are included in the login.jsp. You must exclude the login.jsp itself from this redirection (otherwise you will enter a loop), and you must also exclude the css files. This depends on your URL scheme.
if all your pages are .jsp, then map the filter to *.jsp
if your actions to through a single servlet (like a dispatcher servlet), then map the filter to that servlet (instead of <uri-pattern> set <servlet-name>)
if you have "pretty urls", then (in the filter) check if the requested resource ends with .css, .png, .gif etc, and don't enter the redirection logic.
When you have any images on the page, meaning an html <img> tag, then the tag's src attribute refers to an actual URL (see http://www.w3schools.com/tags/tag_img.asp). So when the page is loaded, the browser sends out another request to load that image. Your filter also catches not only the request for the entire page, but also those image loading requests.
Related
I have dojo views eg.: /app/#dashboard, /app/#login etc..
I would like to write a filter which is navigate back to my /app/#login when the user is not authenticated.
The problem is i can't write an url-pattern to the web.xml which can interpret the dojo view's URL after the # mark.
So the application is redirecting to the login, and from there again to the login infinitely. If write url pattern eg.: /app/#dashboard nothing happens, the filter won't called.
In the filter the url is every time /app/ without the # part.
How can i filter out certain dojo views?
I use Apache Tiles to unite multiple jsp pages.What I want is to get the URI of the request that came from web client (from browser). However, when in my jsp page I use
${pageContext.request.requestURI}
I get not web client uri but the local path of the jsp file. For example when web user enters http://company.com/something/ (I want to get /something/) I get /jsp/articles/index.jsp.
I tried requestScope.request.requestURI but it returns empty string. How can I get web client request URI
As per your question,you said when you enter "http://company.com/something/" in the browser,you get /jsp/articles/index.jsp in JSP,it seems your original request has been forwarded to new one. You can try below to get the orginal URI in JSP page.
<% String originalUri = (String) request.getAttribute("javax.servlet.forward.request_uri"); %>
I think the title above is a bit confusing.
What I'm trying to achieve:
I have a jps page(located in WEB-INF) with a hyperlink in it that will call another jsp (in WEB-INF) via servlet.
I understand that this can be achieved using the following:
Go to this page
But because there will be lots of hyperlinks, my idea was to have a general servlet(OpenPagesServlet) to handle all those pages.
Something like this:
JSP page:
<% request.setAttribute("page", "page1.jsp");%>
Page 1
OpenPagesServlet in doGet method:
String page = (String) request.getAttribute("page");
request.getRequestDispatcher("/WEB-INF/" + page).forward(request, response);
I tried the code above and I get:
HTTP Status 404 - Not Found
type Status report
messageNot Found
descriptionThe requested resource is not available.
But if I try with session.setAttribute / sesion.getAttribute the code works fine, but I don't want to have sessions on each time I click on hyperlinks.
The other approach I found was to use:
Page 1
and inside the servlet:
String page = (String)request.getParameter("value");
request.getRequestDispatcher("/WEB-INF/" + page).forward(request, response);
It worked, but this approach is not good because the page can then be accessed directly using the url:
http://localhost:8080/WebApp/OpenPagesServlet?value=page1
So...my question is why request.setAttribute/request.getAttribute is returning 404?
Is there a different approach to achieve what I'm trying to do?
An HttpServletRequest and its attributes only live for the duration of one HTTP request/response cycle. After yo've set the attribute in the JSP, the JSP is rendered and sent as part of the HTTP response body. The Servlet container considers the request handled and clears its attributes. The attribute is now gone.
It is therefore no longer available in the next request that arrives after the user clicks the link.
The session attribute or request parameter is fine. Consider looking into the Front Controller pattern.
Also, consider using the core tag library (in particular the url tag) instead of scriptlets for constructing your links.
My web app directory structure is
myApp
-src
- filtersPackage(all my filters lie in this package)
- servletsPackage(all my controllers and models lie in this package)
- web-content
- web
- views(all my jsp files lie in this dir)
- js(all my javascript files lie in this dir)
In login.jsp, user clicks on FB login button, inside js/FBAUth.js I collect login details and I send it to my auth.do servlet using jquery ajax POST method.
The SessionFilter allows the request to go to AuthServlet's doPost method. In AuthServlet If the credentials are correct then do the following
url = "dashboard.jsp"
request.getSession().setAttribute("uid", id);
view = request.getRequestDispatcher(url);
view.forward(request, response);
return;
I have seen in debug mode that these lines execute but my browser is still stuck on login page. The values for view.requestURI -> /myApp/web/views/dashboard.jsp and
view.servletPath -> /web/views/dashboardTmp.jsp.
I also tried response.sendRedirect(url), but still the browser is stuck on login page. Nothing executes after these lines.
In web.xml, my auth servlet is mapped as follows
<servlet>
<servlet-name>Auth</servlet-name>
<servlet-class>servletsPackage.AuthServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Auth</servlet-name>
<url-pattern>/web/views/auth.do</url-pattern>
</servlet-mapping>
I also tried calling doGet inside doPost, and executed this code in doGet, but all in vain.
What am I missing here ?
This approach seems to be a bit flawed. Your forward is not working because you are using AJAX to post data. You would need to use javascript or rather jquery to handle the redirection.
Check if your jquery AJAX function's callback method is working. print out the responseText using alert(responseText);
Check this link for more information about your problem. And check the first answer. It provides a solution for this problem.
Try to return something from your servlet (write in response writer), retrieve that as ajax response, depending upon that, do a window.location.href ="YOUR URL";
I want to create a JSP page or servlet that will work in 2 ways.
A user visits their own profile page:
http//something.com/profile/
Or they visit their friends page:
http://something.com/profile/FriendsName
They could also visit their own page through an explicit URL like:
http://something.com/profile/YourName
I have a servlet-mapping setup as follows to map any requests to /profile to my JSP that will handle that request.
<servlet>
<servlet-name>Profile</servlet-name>
<jsp-file>/profile.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>Profile</servlet-name>
<url-pattern>/profile</url-pattern>
</servlet-mapping>
Then I was thinking I could setup a filter that will parse the HTTPServletRequest's URL to read after the /profile/.
<filter>
<filter-name>profile-filter</filter-name>
<filter-class>ProfileFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>profile-filter</filter-name>
<url-pattern>/profile*</url-pattern>
</filter-mapping>
Now the filter could set attributes in the HttpServletRequest, how would i go about pulling those out in the JSP page to check if a user name was specified and check if your own name was set?
How would I go about creating a page scoped bean in the ServletFilter so I could use in the JSP page using jspBean like this:
<jsp:useBean id="profileInfo" scope="page" class="ProfileInfo" />
I think a filter only serves to artificially break the logic apart. You can very easily determine the value of the portion of the URL that doesn't match the url-pattern described in the web.xml. The HttpServletRequest class has a method that returns this value for you, it's called getPathInfo(). Here's an example:
<%
String path = request.getPathInfo();
if (path == null || "".equalsIgnoreCase(path)) {
// The path was empty, display the current user's profile
} else {
// Display the named profile
}
%>
This doesn't help you at all with the request beans, but I think it helps with the design.
I'm not completely following the question, but if you want a jsp to access request parameters or attributes, just do:
<%
String parameter = request.getParameter("parameter");
String attribute = request.getAttribute("attribute");
%>
You can also get access to the request url, etc... if you need to do anything with those.
Personally, I'd recommend that you use a servlet to handle your requests, and forward to the jsp of your choosing (possibly after setting session information that the jsp can use).
Using server level filters and request attributes for this kind of thing may be a bit overkill, but only you know your project's true requirements.