Bug when specifying url-pattern in web.xml

Similar Messages

• How to use a wild card for url pattern in web.xml?

            I want to use web container managed security to protect all my JSP pages. I tried
            to use the <security-constraint> tag in web.xml and set <url-pattern> to /*.
            However, none of my pages is protected. Specifying each page individually works,
            but I really don't want to do that. Any ideas?
            

  Eric:
            Which version of WebLogic Server are you using (including any service pack or rolling
            patches)?
            Eric Ma wrote:
            > I want to use web container managed security to protect all my JSP pages. I tried
            > to use the <security-constraint> tag in web.xml and set <url-pattern> to /*.
            > However, none of my pages is protected. Specifying each page individually works,
            > but I really don't want to do that. Any ideas?
            Jim Brown
            Developer Relations Engineer
            BEA Support
            

• Regular expression in url-pattern in web.xml

  hi,
  could any tell me the is web.xml accepts regexp(except wild card) in it's url-pattern attribute. I want to put regular expression (except wildcard, i know it supports) as [a-zA-Z]+ like in url-pattern in servlet-mapping. I tried this :
  <servlet-mapping>
  <servlet-name>AppDnldMain</servlet-name>
  <url-pattern>/[a-zA-Z]+/?</url-pattern>
  </servlet-mapping>
  But it dint work.. I dont know whether i processed in right way. Any suggestion are most welcome..

  No it does not accept wild card.
  Servlet specification section SRV.11.2
  In theWeb application deployment descriptor, the following syntax is used to define
  mappings:
  • A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used
  for path mapping.
  • A string beginning with a ‘*.’ prefix is used as an extension mapping.
  • A string containing only the ’/’ character indicates the "default" servlet of
  the application. In this case the servlet path is the request URI minus the context
  path and the path info is null.
  • All other strings are used for exact matches only.
  If you want regex matching, you can match all urls to a single servlet, and then use request.getRequestURI and do regex on that in your code.
  Cheers,
  evnafets

• When to specify taglib uri in web.xml

  When declaring a URI in the taglib directive, when must you include the taglib elements in web.xml, and when can you avoid them?
  I tried putting a relative path to the .tld file, setting uri to �/WEB-INF/mysubfolder/myfile.tld�, but my web server complains that I�m missing a tlib-version element somewhere�
  What is the uri path relative to, and in what cases must you include a mapping in web.xml and when do you not have to?
  Thanks.

  So it sounds like your tld file has some invalid xml in it.
  Double check the contents of your tld file.
  If you declare a <uri> in your taglibrary, then you never need to declare it in web.xml.
  You can just use that "well-known" uri to access your tag library.
  The tld has to be either
  1 - in the META-INF folder of a jar file deployed
  2 - under the WEB-INF directory
  See JSP specification section JSP.7.3.1

• Error creating acl for (resource). I get this error when entering security info in web.xml.

  We're using iWS 6.0. Is there some security configuration that needs to be done in order to use standard security directives in our web application's web.xml?
  Thanks!

  Hi ,
  I have tried adding the following into web.xml but the security feature just doesnt work and the user can go to any page without any restriction.
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Declarative Security Test</web-resource-name>
  <url-pattern>/SuperServlet</url-pattern>
  <url-pattern>/*</url-pattern>
  <http-method>post</http-method>
  <http-method>get</http-method>
  </web-resource-collection>
  <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
  <auth-constraint>
  <role-name>guest</role-name>
  <role-name>member</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>guest</role-name>
  <role-name>member</role-name>
  </security-role>
  The roles mentioned above have been added correctly into tomcat-users.xml..The version of tomcat I am using is tomcat5.0.28.Please help.

• Maintaining Portal Desk top URL aliases in web.xml file

  Hi All,
  I am planning to configure portal url alias i.e http://localhost:53000/irj/portal/finance
  should take me directly to finance portal desk top.
  1) Created a Desktop named finance_desktop
  2) Master rule has been set for URL Alias.
  3) I need to set URL alias name: finance in web.xml file
  4) path for the web.xml file is C:\usr\sap\SID\JCXX\j2ee\cluster\server0\apps\sap.com\irj\servlet_jsp\irj\root\WEB-INF\web.xml
  5) Where exactly i have to change web.xml  file
  Infact i have seen a pdf "How to configure the J2ee engine deployment descriptor"
  Thanks in advance
  Regards,
  Murali

  Hi
  indeed one small copy/paste mistake from me ... sorry for that...
  After you copyed the large chunk of code (as i discribe in step 1 and 2) you must rename:
  <param-name>portal</param-name>
  to
  <param-name>portal/finance</param-name>
  so then that part of the web.xml will look like this:
  <init-param>
  <param-name>portal</param-name>
  <param-value>
  anonymous=0,proxy=0,low_bandwidth=0,include_in_url=1,include_application_name_in_url=1
  </param-value>
  </init-param>
  <init-param>
  <param-name>portal/finance</param-name>
  <param-value>
  anonymous=0,proxy=0,low_bandwidth=0,include_in_url=1,include_application_name_in_url=1
  </param-value>
  </init-param>
  Good luck again...
  Cheers,
  Benjamin Houttuin
  Message was edited by:
          Benjamin Houttuin

• Validation error when using env-entry in web.xml

  I've added an env-entry element to my web.xml and it falls over at deploy time with a validation error. However, from what I can see, this is valid based on the schema.
  And infact, it matches the example in the weblogic doco - http://edocs.bea.com/wls/docs103/webapp/web_xml.html#wp1025195
  The error I'm getting is:
  <17/12/2008 11:45:56 AM EST> <Error> <J2EE> <BEA-160197> <Unable to load descriptor D:\workspace\source_checkout\investment_control\ic-web\src\main\webapp/WEB-INF/web.xml of module ic-web.war. The error is weblogic.descriptor.DescriptorException: VALIDATION PROBLEMS WERE FOUND
  problem: cvc-complex-type.2.4a: Expected elements 'mapped-name@http://java.sun.com/xml/ns/javaee injection-target@http://java.sun.com/xml/ns/javaee' instead of 'env-entry-type@http://java.sun.com/xml/ns/javaee' here in element env-entry@http://java.sun.com/xml/ns/javaee:<null>
       at weblogic.descriptor.internal.MarshallerFactory$1.evaluateResults(MarshallerFactory.java:234)
       at weblogic.descriptor.internal.MarshallerFactory$1.evaluateResults(MarshallerFactory.java:221)
  My web.xml looks like:
  <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
       version="2.5">
       <description>IC Web</description>
       <env-entry>
            <env-entry-name>aEntry</env-entry-name>
            <env-entry-value>aValue</env-entry-value>
            <env-entry-type>java.lang.String</env-entry-type>
       </env-entry>
  </web-app>
  Any suggestions???

  Found a resolution to this in the end.
  Unless you have the sub-elements in the order below, it will get validation errors.
  <env-entry>
  <env-entry-name>maxAmount</env-entry-name>
  <env-entry-type>java.lang.String</env-entry-type>
  <env-entry-value>aString</env-entry-value>
  </env-entry>
  A bit weird and very frustrating....

• TP3 bug when exposing app module to web service

  Hello,
  I created a simple appmodule with 3 methods:
  public class AppModuleTestImpl extends ApplicationModuleImplApp
      /**This is the default constructor (do not remove).
      public AppModuleTestImpl()
      public String method1()
          return "hello world";
      public SomeBean method2()
          return new SomeBean();
      public String method3( SomeBean bean )
          return "hello world";
  }I want to expose those methods in a web service but in the "service custom methods" selection I can only see method1 even if SomeBean implements java.io.Serializable:
  public class SomeBean implements Serializable
      private String someField;
      public SomeBean()
      public void setSomeField(String someField)
          this.someField = someField;
      public String getSomeField()
          return someField;
  }The documentation says: "Your custom method parameters and return types can use any datatype that implements the java.io.Serializable interface."
  When I look in the message tab I see this:
  Business Components: Method "method2():SomeBean" cannot be exposed via service interface because the return type "(package).SomeBean" is not supported
  Business Components: Method "method3(SomeBean):String" cannot be exposed via service interface because parameter type "(package).SomeBean bean" is not supported
  where (package) is the correct package of the bean.
  Is this a bug?
  Thanks
  Message was edited by:
  user608288

  Can anyone confirm this problem please?

• URL Mapping for packaged JSP's in web.xml file

            Hi,
            I am using weblogic6.0sp2 enterprise edition.I have my JSP's in package structure.
            Suppose my login.jsp is in package com.advice.document. So for URL mapping in
            web.xml what should be given so that by giving that my JSP runs. I have tried
            many options but not got success.
            Here is my web.xml file..
            <web-app>
            <servlet>
            <servlet-name> Login </servlet-name>
            <jsp-file> com\advice\document\login.jsp</jsp-file>
            </servlet>
            <servlet-mapping>
            <servlet-name> Login </servlet-name>
            <url-pattern> /Login</url-pattern>
            </servlet-mapping>
            </web-app>
            If any body knows or have worked on the same then let me know.
            Thanks in advance.
            --- Vipul
            

  Did you try specifying the jsp-file with forward slashes (e.g.,
            com/advice/document/login.jsp)?
            Vipul Garg wrote:
            > Hi,
            > I am using weblogic6.0sp2 enterprise edition.I have my JSP's in package structure.
            > Suppose my login.jsp is in package com.advice.document. So for URL mapping in
            > web.xml what should be given so that by giving that my JSP runs. I have tried
            > many options but not got success.
            > Here is my web.xml file..
            > <web-app>
            > <servlet>
            > <servlet-name> Login </servlet-name>
            > <jsp-file> com\advice\document\login.jsp</jsp-file>
            > </servlet>
            > <servlet-mapping>
            > <servlet-name> Login </servlet-name>
            > <url-pattern> /Login</url-pattern>
            > </servlet-mapping>
            > </web-app>
            >
            > If any body knows or have worked on the same then let me know.
            > Thanks in advance.
            > --- Vipul
            

• URLs not matching the mappings I set in web.xml

  Below is what I observe, I would have expected the URL to match all 3 but it only matches for the first one , any ideas?
  Web.xml contains
  <filter>
       <filter-name>MyFilter</filter-name>
       <filter-class>HWfilter</filter-class>
  </filter>
  <filter-mapping>
       <filter-name>MyFilter</filter-name>
       <url-pattern>/*</url-pattern>
  </filter-mapping>
  http://localhost/Chapter7/test.txt  - URL matches filter
  Web.xml contains
  <filter>
       <filter-name>MyFilter</filter-name>
       <filter-class>HWfilter</filter-class>
  </filter>
  <filter-mapping>
       <filter-name>MyFilter</filter-name>
       <url-pattern>*</url-pattern>
  </filter-mapping>
  http://localhost/Chapter7/test.txt  - URL DOES NOT match filter
  Web.xml contains
  <filter>
       <filter-name>MyFilter</filter-name>
       <filter-class>HWfilter</filter-class>
  </filter>
  <filter-mapping>
       <filter-name>MyFilter</filter-name>
       <url-pattern>/*.txt</url-pattern>
  </filter-mapping>
  http://localhost/Chapter7/test.txt  - URL DOES NOT match filter
  ----------------------------------------------------------------

  I found this in the Servlet API specification:
  � A string beginning with a �/� character and ending with a �/*� postfix is used
  for path mapping.
  � A string beginning with a �*.� prefix is used as an extension mapping.
  � A string containing only the �/� character indicates the "default" servlet of the
  application. In this case the servlet path is the request URI minus the context
  path and the path info is null.
  � All other strings are used for exact matches only.
  According to this, your third one should work if you remove the / and just have *.txt.

• How to specify URL in server.xml of Tomcat

  Hi Everybody,
  I need help.How to specify url in the server.xml.
  I developed one application in the Tomcat 3.3.I want to access the by entering uri(like:http:test.com).
  What are tags to enter in the server.xml.
  Right now i am accessing like:http://localhost:8080/Test/Login.jsp
  I want replace this with (www.test.com).
  This site will access from anywhere means it is going to live.
  So what are things have to do in the server.xml
  Please provide the solution.
  Regards
  Sridhar

  Hi Raktim:
  I looked around on SDN and it seems that i have found what you have been looking for.
  Kindly look at page number 24 and 25 of this page
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4d46fb8a-0b01-0010-9fbe-e4b96533b222
  P.S: Kindly assign points if your query is resolved, also close the question to assist other users narrow the search and find solutions

• Filter does not work with *.jsp URL pattern???

  Hi All,
  I am, by no means, very good at JSF or Java. I have looked at various forum posts on here for ways to implement a security filter to intercept requests to pages that first require one to be logged in, and if not, redirect them to the login page. Yes, I know a lot of you have heard this many times before, and I'm sorry to bring it up again.
  BUT, from the guidance of other posts, I have got a filter that works fine when the url pattern is set to "/faces/*" or "/<anything>/*", however it won't work for "*.jsp" or "*.<anything>"
  My filter is as follows:
  package test.security;
  import javax.faces.context.FacesContext;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.http.HttpSession;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  public class SecurityFilter implements Filter{
      /** Creates a new instance of SecurityFilter */
      private final static String FILTER_APPLIED = "_security_filter_applied";
      public SecurityFilter() {
      public void init(FilterConfig filterConfig) {
      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException{
          HttpServletRequest req = (HttpServletRequest)request;
          HttpServletResponse res = (HttpServletResponse)response;
          HttpSession session = req.getSession();
          String requestedPage = req.getPathTranslated();
          String user=null;
          if(request.getAttribute(FILTER_APPLIED) == null) {
              //check if the page requested is the login page or register page
              if((!requestedPage.endsWith("Page1.jsp")) /* This is the login page */
                  //set the FILTER_APPLIED attribute to true
                  request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
                  //Check that the session bean is not null and get the session bean property username.
                  if(((test.SessionBean1)session.getAttribute("SessionBean1"))!=null) {
                      user = ((test.SessionBean1)session.getAttribute("SessionBean1")).getUsername();
                  if((user==null)||(user.equals(""))) {
                     // try {
                   //       FacesContext.getCurrentInstance().getExternalContext().redirect("Page1.jsp");
                    //  } catch (ServletException ex) {
                    //      log("Error Description", ex);
                      res.sendRedirect("../Page1.jsp");
                      return;
          //deliver request to next filter
          chain.doFilter(request, response);
      public void destroy(){
  }My web.xml declaration for the filter is:
  <filter>
    <description>Filter to check whether user is logged in.</description>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>test.security</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>
  Note: I have also tried this with <url-pattern>*.jsp</url-pattern> for the filter mapping in place of the Faces Servlet
  My web.xml declaration for the url pattern is:
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsp</url-pattern>
  </servlet-mapping>Which JSC/NetbeansVWP automatically creates a "JSCreator_index.jsp" which has:
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root  version="1.2" xmlns:jsp="http://java.sun.com/JSP/Page">
    <jsp:forward page="Page1.jsp"/>
  </jsp:root>When run, this causes an Error 500 in the browser and a NullPointerException in SecurityFilter.java on the line:
  if((!requestedPage.endsWith("Page1.jsp")) /* This is the login page */I think I'm missing something that would be obvious to anyone who knows better than me. Any ideas?

  Dear Ginger and Boris,
  thanks for the information - the problem seems to ocur in EP7 as well, Boris told me it is fixed in SP15. We are on SP14 now, so there is hope !
  actually the information in the oss note stated above is also true, as we have an Oracle DB. On a similar demo system (only difference is SQL DB) the hyphen search works !
  best regards, thank you !
  Johannes

• Security API  on web.xml

  hello i'm java junior programmer.
  my file web.xml bind the follow tag
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>UIWebSecurity</web-resource-name>
  <description></description>
  <url-pattern>/</url-pattern>
  <http-method>
  GET</http-method>
  <http-method>
  POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <description>Utente Autenticato</description>
  <role-name>UtenteAutenticato</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>OpenWAY</realm-name>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  bat a i got a trouble .
  after my login in login.html page ,the application required my ather log
  thanks for help me

  Please read the Servlet specification for details on how to specify url-patterns (see section 11.2). Your "index.*" is not a legal pattern. You can only end in "/*" or "*.foo". See Servlet spec.
  If after fixing that you have more questions, please include the actual sequence of requests (and responses), preferably from a network snoop.

• Form based authentication problem - security constraint in web.xml

  Hi ,
  I have j_security_check in my login page
  <form name="loginForm" id="loginForm" method="post" action="j_security_check">
       <table id="login" align="center" cellspacing="0" cellpadding="0">
                 <tr>
                      <td class="label">Name</td>
                      <td class="value"><input id="j_username" name="j_username" value="" type="text" ></td>
                 </tr>
                 <tr>
                      <td class="label">Password</td>
                      <td class="value"><input name="j_password" type="password"></td>
                 </tr>               
                 <tr>
                      <td colspan="2" class="submit"><input type="submit" name="Submit" value="Log in >>"></td>
                 </tr>
       </table>
       </form>
  And my web.src consists the following
  <security-constraint>
            <web-resource-collection>
                 <web-resource-name>EP</web-resource-name>
                 <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
  </web-resource-collection>
            <auth-constraint>
                 <role-name>EP</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
  <login-config>
            <auth-method>EPULSE</auth-method>
            <realm-name>AuditManager</realm-name>
            <form-login-config>
                 <form-login-page>/login.jsp</form-login-page>
                 <form-error-page>/error.jsp</form-error-page>
            </form-login-config>
       </login-config>
  After I start the tomcat server I can go to the login page, however when I enter the username and password and press enter..
  http://localhost:8443/au/j_security_check ...
  Can you please advise me whether there is a problem in this?
  Manisha

  Please read the Servlet specification for details on how to specify url-patterns (see section 11.2). Your "index.*" is not a legal pattern. You can only end in "/*" or "*.foo". See Servlet spec.
  If after fixing that you have more questions, please include the actual sequence of requests (and responses), preferably from a network snoop.

• WebLogic 9.0 - HTC files not working when specified as a part of cascading

  Same problem as described in:
  http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_clfydoc&answerpage=solution&page=wls/S-10511.htm
  but resolution does not work for me.
  I have created a mimemappings.properties file in BEA directory BEA\user_projects\domains\myDomain\config\mimemappings.properties with following content:
  htm=text/html
  gif=image/gif
  jpg=image/jpeg
  htc=text/plain
  png=image/png
  CSS file:
  .calendarClass {behavior:url(calendar.htc)}
  Web.xml:
  <mime-mapping>
  <extension>htc</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  I also tried htc=text/x-component.
  Stop / Start of server, Redeploy of War, this does not work.
  Any idea ?

  Thanks Ben!
  That helped. I also was using that
  from the examples, and it did not play well in the HTMLPanel.
  I appreciate the quick assistance, as I am pretty new to Spry. I have been creating version 2 of my website code, and one of the conversions has beenfrom JQuery to Spry for almost everything. Spry is a lot easier to conceptualize, except I completely missed the setting you gave me.
  One of my problems is lack of knowledge on how to see what is happening, or not ahppening with javascript on a page.  I have firebug, and that seems to give me some info.  But when I tried to look at stuff with scripts running on the HTMLPanel, I was unable to see anything.
  Thanks again,
  Jamie