Building a HttpServletRequest from a posted request
Hi,
I'd like to build a HttpServletRequest object which is an "altered copy" of a user posted request to a servlet.
I mean that i get a request from an user X but i'd like to call another servlet with different parameters and this second servlet will send to response back (a web page) to the user who sended the first request.
i tried to alter the received request object and transmit it to the second servlet by using request.setAttribute() and request.removeParameter() but the request received by the second servlet seemed to be the user request.
anyone could explain that behaviour or have resolved such problem ?
Is there a particular reason this functionality doesn't exist? Right now I'm duplicating this by recreating the entire url except for a single parameter that I remove, then I redirect the user to that new url. Obviously, that's a horrible way to do things when a removeParameter method on HttpServletRequest would do the job that I want it to do.
Is there a reason that no such functionality exists?
Similar Messages
-
Issue with building an array from a cfhttp request result.
Here is what I am trying to do. Retrieve a bunch of results from a REST request. Run a query to see if I should be excluding any of the xmltext entries coming back from the rest request. Build an array of the REST xmltext entries except the entries in the cfquery.
I have it all workign except building the array minus the entries that came back in the cfquery. Here is my code so far.
<cfquery name="getqueue" datasource="#application.settings.dsn#">
select * from friends
where Deactivatedate < #DATEADD('d', 1, CreateODBCDateTime(now()))#
</cfquery>
<cfoutput query = "getqueue">
<cfhttp blah blah>
<cfset nodes_parse = XmlParse(CFHTTP.FileContent)>
<cfset Nodes = xmlSearch(nodes_parse,'friends/friend/date/activedate/')>
<cfset roleArray = ArrayNew(1)>
<cfloop from="1" to="#arraylen(Nodes)#" index="i">
<cfset NodeXML = xmlparse(Nodes[i])>
<cfset ArrayAppend(roleArray, '[sel_members][]=#NodeXML.activedate.xmlText#&')>
</cfloop>
</cfoutput>
My issue is down in the loop where I do the arrayappend. How would I build an array of values coming back from the cfhttp request but not include any of them if they match up with anything coming back from the getqueue query?What about the obvious? Namely,
<cfif value_from_getqueue IS NOT value_from_cfhttp_request>
<cfset arrayAppend()>
</cfif> -
Extract Portal User Name From HTTP POST Request (WSRP SOAP)
How can we extract the user name from the HTTP POST Request (*WSRP SOAP*) from the Portal to the Portlet Provider (Producer)?
We are load balancing between the Portal (10.1.14.2) and the providers (OC4J 10.1.3.3) and would like to extract the user name within the load balancer so we can create session affinity based on it.
BTW, we already tried using TCP Flow but were unable to see the user name.From the documentation, it seems that you need to use
HttpURLConnection.setRequestMethod("POST"); // "GET" is the defaultalthough I have seen examples on the web without it.
Try!
Edit: Also the single quotes around userid and password may be a problem.
Use the previous poster suggestion, but do not include the single quotes.
Edited by: baftos on Aug 6, 2008 4:27 PM -
Eliminating + from the post request
When I send a POST request to the web server, the spaces in the request are replaced by '+'. how do I eliminate this?
I am developing a program which sends a POST request to the server in a name value pair.Any spaces in the value are converted to '+' character and any other special characters are converted to %their hex value
For eg: if the request is
key = how are you
at the server I get
key = how+are+you
in the same way
key = Re: how are you
at the server I get
key = Re%3Ahow+are+you
How do I handle this problem -
Retrieve data/files fro HTTP POST request in On-Demand process
Hello,
I would like to integrate https://github.com/blueimp/jQuery-File-Upload to my APEX 4.2 application inside XE11g. I would like to use this kind of jQuery component, multiple file upload, use Drag & Drop, image resize, size limit, filter extensions etc...
This jQuery component and also others javascript uploaders sends data files to some defined URL. Developer need to build some servlet, php script or something on server side that will read files from HTTP request and stores it somewhere.
Do you know how to do it in APEX? How can I read data from HTTP POST request in PL/SQL? Now I can only call my On-Demand application process from javascript, but I am not able to read any data from HTTP POST in it.
Can I do it in APEX, or using MOD_PLSQL?
I would like to implement this:
1) some javascript uploader will call some URL of my application and sends HTTP POST with data files
2) I will read data files from HTTP POST and store them into database
3) I will create some HTTP response for javascript uploader
Thank you for some tipsI know about that existing plugin " Item Plugin - Multiple File Upload"
But I doesn't work in IE and has only basic features. Licence for commercial use is also needed. I would like to use some existing jQuery plugin. There are many of these plugins with nice features. And only one problem is that I need to create some server side process/servlet/script.. that can recieve HTTP request, get files from it and stores them into DB. -
Extracting Request Parameters from a POST.
A client is POSTING some request parameters as part of its POST request.
My servlet is getting this as part of the getInputStream.
The contents of the inputStream received is:
username=someUserName&password=somePassword
Now how do I extract this username and password which is in the Body
of the POST?
I am trying request.getParameter("username")
but am not getting the value of the username.
Can some please help me as to how to get the request parameters?
Attached is my servlet
public class DeviceLocation extends HttpServlet {
private static final String CONTENT_TYPE = "text/html";
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request,response);
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
System.out.println("Servlet up and running...");
InputStream requestInputStream = request.getInputStream();
InputStreamReader isr = new InputStreamReader(requestInputStream);
BufferedReader br = new BufferedReader(isr);
String line = "";
StringBuffer sb= new StringBuffer();
while ((line = br.readLine()) != null)
sb.append(line);
br.close();
System.out.println(sb.toString()); // display the input Stream
// Display all the Request Parameters
System.out.println("Request Method : " + request.getMethod());
System.out.println("Host : " + request.getHeader("Host"));
System.out.println("User Agent : " + request.getHeader("User-Agent"));
} // End of servlet class.try doing it without reading in the requestInputStream first:
public class DeviceLocation extends HttpServlet {
private static final String CONTENT_TYPE = "text/html";
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request,response);
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
System.out.println("Servlet up and running...");
// Display all the Request Parameters
System.out.println("username Parameter : " + request.getParameter("username"));
System.out.println("Request Method : " + request.getMethod());
System.out.println("Host : " + request.getHeader("Host"));
System.out.println("User Agent : " + request.getHeader("User-Agent"));
} // End of servlet class. -
Generate html post request from form9i applet
I need to interact with a 3rd party credit card processing server form my form9i application.I need to create a html post request with all the input information encapsulated in it and also receive the http response and parse it and display an alert in the form(approved or rejected).Can I do that?
any answer is going to help me greatly
SathiGET method may be the easier way. web.show_document('your_url?v1=123&v2=abc'); as of POST method, I guess you need JSP to do it, but how to do it from applet, I like to know too.
getting back info, I used perl to read the html POST data on web server, then perl parses it and writes to a file on server, then use text_io or utl_file to read data into webform applet fields.
The drawback I found that the cursor will not get back to webform applet from html pages. I tried to print every possible Javascript methods to wake up it, but it cannot get it. -
Page Expire - How to keep in cach from post request !!!
I have a big problem with the back button resulting in Page Expired message. The system framework is to call servlets from any page. A servlets will perform necessary computations and forward the request with additional objects to a jsp page, which will in turn construct the page and display it to a user. Some of the constracted pages have back button, which simply redirects to the previous page.
The problem that I have has been described in multiple forums before, but still appears to be not solved. When I press the back button that shall display previous page, generated by the Post request, I get Page Expired message. Note that this occurs only in IE (I am using 6.0 with SP1) and not in Mozilla (I am using 1.3). I did my homework and tried the following code in different combinations, but unsuccessful:
resp.setHeader("Cache-Control", "public");
res.setHeader("Pragma", "Cache");
res.setHeader("Expires", "Fri, 30 May 2003 12:00:00 GMT");
or directly in jsp page
<META HTTP-EQUIV="Pragma" CONTENT="cache">
<META http-equiv="expires" CONTENT=" Fri, 30 May 2003 12:00:00 GMT ">
None seems to work in IE. It appears that the IE refuses to cache the page generated by the post request at all times.
The application that I am working is huge and this is a big problem for us, we need to support IE with back buttons.
Please help.I believe this is a requirement of the HTTP
specification.Yep - section 13.10 for anyone who can't sleep. I believe the idea is that methods such as POST, PUT and DELETE cause an update at the server and so caching makes no sense - the client needs to view a new copy.
To quote the spec:
Some HTTP methods MUST cause a cache to invalidate an entity. This is either the entity referred to by the Request-URI, or by the Location or Content-Location headers (if present). These methods are:
- PUT
- DELETE
- POST -
Reading POST-Request-Parameter-Values from WebDynPro now possible?
Hello,
in the past I always was disappointed that in WebDynPro there was no way to read POST-request-parameter-values directly after the call of a WebDynPro-Application.
The only (documented) way to read / transfer request-data into an WebDynPro-application was via "URL query string parameters" in the request URL.
The last week I forgot this restriction. I called my WebDynPro-application using a POST-Request-Parameter (cookie_guid) instead of an URL-parameter.
After noticing my mistake, I was really surprised that the WebDynPro could read / shows the the POST-Request-Value.
I didn't make any changes in the coding of my WebDynPro-Application (zvis_show_sso_cookie).
After this cognition I built the following simple HTML-formular to analyse the behavior of the WebyDynPro by calling it with an URL-Parameter (cookie_guid=Url-GUID) together with the POST-Parameter (cookie_guid = Post-Value-GUID).
After calling the WebyDynPro it reads / shows the "POST-Value" of the request !!!
(Remark: If I made a simple refresh or type directly the URL "http://hg10762.vis-extranet.de:1080/sap/bc/webdynpro/sap/zvis_show_sso_cookie?sap-language=DE&cookie_guid=Url-GUID" in the browser, the same webdynpro reads / shows the URL-Parameter-Value).
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
</head>
<body>
<form method="post" action="http://hg10762.vis-extranet.de:1080/sap/bc/webdynpro/sap/zvis_show_sso_cookie?sap-language=DE&cookie_guid=Url-GUID">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Cookie_GUID:</td>
<td><input name="cookie_guid" type="text" size="30" maxlength="30" value="Post-Value-GUID"></td>
</tr>
<tr>
<td>
<input type="submit" value=" Absenden ">
<input type="reset" value=" Abbrechen">
</td>
</tr>
</table>
</form>
</body>
</html>
My questions:
I there any documentation that describes the behavior of WebDynPro after calling it by using POST-Parameter values?
I believe in the past it wasn't possible to read POST-request-parameter-values in WD. Has SAP changed the functionality?
Is the behavior I described in my example above mandatory?
Regards
SteffenAs far as i know in general HTTP request GET method is standard but in SAP POST is standard. All the client request is passed as POST to the server in order to avoid the URL parameter length restriction in GET method.
-
Greetings everybody,
For this particular question I am not getting any help from the Java forums and Google.
Not very long ago I had to send a stream of bytes from an applet to a servlet (the applet and its helper classes are packed inside a signed jar file), but I used to fail miserably at every step.
I tried every trick in the book (for me the books were Google and Java forums!!). I set the servlet's path in the Windows CLASSPATH, I tried to call the applet from within a servlet- of course after placing the applet file in the servlets folder- (in the hope that since the applet was in the same location as the servlets the URL would get established) e.t.c but still URL url=new URL(<servlet URL>) refused to invoke the servlet.
Finally somehow I managed to get it done using the code below:
public class Xyz extends Applet
//DONT BE SURPRISED RIGHT NOW!!
Class cls=this.getClass();
ClassLoader cldr=cls.getClassLoader();
//THE ACTUAL SERVLET CONNECTING CODE
URL url=cldr.getResource("http://localhost:8000/servlet/<SomeServlet>");
/*This statement does not work........ URL url=new URL("http://localhost:8000/servlet/<SomeServlet>").A NULL URL OBJECT GETS CREATED!! */
HttpURLConnection hurlc=(HttpURLConnection)url.getConnection();
//ALL THE NECESSARY FORMALITIES TO BE PERFORMED TO WRITE THE STREAM TO THE SERVLET
hurlc.setDoInput(false);
hurlc.setDoOutput(true);
hurlc.setUseCaches(false);
hurlc.setRequestMethod("POST");
OutputStream os=hurlc.getOutputStream();
//WRITING THE STREAM
os.write(<some byte buffer>);
//NOW COMES THE TRICKY PART
hurlc.getResponseCode();
I had to do getResponseCode() because once ClassLoader.getResource(<servlet URL>) invoked the servlet using the GET method I COULD NOT INVOKE THE SERVLET AGAIN. I had to force an invokation using getResponseCode().
Well all is well now excepting for a small irritant. Instead of issuing one POST request the URLConnection is issuing multiple POST requests. In the Apache logs I get to see something like:
GET /snodx/callapplet.htm 200 116
GET /snodx/keystore_for_holding_fingerprint_for_trusted_applet 200 234
GET /snodx/applet_and_helpers.jar 200 105
HEAD /servlet/<SomeServlet> 200 187
POST /servlet/<SomeServlet> 200 312
POST /servlet/<SomeServlet> 500 604
POST /servlet/<SomeServlet> 500 604
The last 2 lines indicate that the servlet was invoked but the connection closed somehow. This is confirmed by taking a look at the Apache error logs:
Premature end of script headers.
Premature end of script headers.
In the JServ servlet engine error logs I am getting:
(500)apj12 returned an error handling request
cannot scan servlet headers.
The problem is occurring somewhere in getResponseCode().This statement is invoking the servlet using the request method set (POST) several times (2 or 3 times).
Can someone explain what's going on?
This is briefly the servlet code:
public class SomeServlet extends HttpServlet
//THE SERVICE METHOD IS CALLED BY A HEAD REQUEST TO THIS SERVLET
public void service(ServletRequest reque,ServletResponse respon) throws ServletException,IOException
this.doPost((HttpServletResponse)reque,(HttpServletResponse)respon);
//GO DIRECTLY TO THE POST METHOD
public void doPost(HttpServletRequest req,HttpServletResponse resp) throws ServletException,IOException
ServletInputStream sis=req.getInputStream();
if(sis.available()<2) //CHECK THAT THERE IS STREAM WHICH HAS AT LEAST 2 BYTES OF DATA!!
log("NO STREAM FROM APPLET");
else
//PERFORM ALL ACTIONS TO WRITE TO STREAM OF BYTES TO A LOCAL FILE
I have the servlet engine JServ 1.1.2 configured to run with Apache 1.3.19 on Windows 2000.
I compiled the Applet and the Servlet using JDK1.3 and JSDK2.0. I have JRE 1.3.1_02 installed on my Win2k machine.
Sorry for the long winded story here.
Awaiting a reply.
SNODX
(The search keywords combination getResponseCode multiple POST requests +Applet and many other related keyword combinations did not match any document in the Java forums. The search string "Multiple POST requests" "getResponseCode" and many other related search strings did not match any document in Google.I am continuing the search effort howeverinterresting the classloader solution. Well if that works, i would keep it like that so far.
But maybe this can help:
os.write(<some byte buffer>);
..and then
os.flush()//to make sure the outputstream is sent immediatly.
//i think getResponseCode() is not necsessary in that case
//but not certain, after all ...setUseCaches(false);
One thing you should do is remove the complete
service() {
...this.doPost();
the reason is that when a POST arrives at the servlet, the default service-method of the ancestor class (which is javax.servlet.Servlet) will automaticaly make a call to doPost() of the javax.servlet.http.HttpServlet subclass. You should not overide it I believe.
maybe... -try to establish an OutputStream only once in the Applet.
- receive the other end exactly once (as you did) in the doPost as an InputStream;
- eventually wrap both sides in respective Buffered(In)(Out)putStream(Reader)(Writer)
- start looping and .write() and .read() at both sides on the single and same in-and-outputStream();
(i.e avoid establishing the connection from the applet several times..., get one connection and keep it)
sorry if this story would be irrelevant,
Papyrus -
Get file from HTTP POST (upload image)
Hello,
I would like to integrate http://www.plupload.com flash component to my APEX 4.1 website. I need it because I want to resize image and transform image before upload on client side, upload multiple files etc..
But I don't know how to read image binary data from POST method.
When I hit "Start upload" button on plupload component it makes some transformations and creates POST method like this:
------pluploadboundary1334433145869
Content-Disposition: form-data; name="name"
p16qp6jm3nhan1ca46me1ocr3tu1.jpg
------pluploadboundary1334433145869
Content-Disposition: form-data; name="chunks"
1
------pluploadboundary1334433145869
Content-Disposition: form-data; name="chunk" 0
------pluploadboundary1334433145869
Content-Disposition: form-data; name="file"; filename="centerd.jpg"
Content-Type: image/jpeg
ÿØÿà�JFIF������ÿÛ��
image content
now I would like to read content of this HTTP POST and read sended image and store it to DB.
Question is... how can I read file sended with HTTP POST in APEX pl/sql process or pl/sql procedure?
Thank you...
Edited by: cardel on Apr 14, 2012 11:17 PMHi,
here are my two cents ...
this will be a bit difficult. When you use the standard APEX File upload it is not PL/SQL handling the POST request. The request is handled by the webserver - depending on the variant you are using it is either mod_plsql, the C code of the Embedded Gateway or the APEX Listener. The webserver is also doint the insert into APEX' file repository. So I see two options:
It might be possible to configure your plugin (don't know about it) the behave the same as a standard browser upload. Then for APEX there would be no difference - mod_plsql should handle the files accordingly.
If you want to handle the POST request yourself, as said, you can't do this in PL/SQL. It would be possible to write a Java servlet doing this and deploy that servlet on the same container as the APEX Listener (when using Apache with mod_plsql you would need an additional Java server for that) ....
Hope this helps ...
Best regards
-Carsten -
Hi all,
I encountered the following 2 servlet problems in WLS 6.0/ 6.1:
1. Processing concurrent POST requests
WLS seems to disallow concurrent executions of any servlet's doPost servlet method.
When two clients attempt to send a request to a servlet using POST, the socond
one
is blocked until the first customer is served. In essence, the servlet ends up
operating in
1-user mode. I just learned from Jervis Liu that the problem is solved in WLS6.0
if you disable http-keepalive.
For WLS 6.1 a partial workaround is to make the servlet work in a single-thread
mode (by implementing the javax.servlet.SingleThreadModel interface). In this
case,
WLS dispatches concurrent requests to different instances of the servlet.
This doesn't completely eliminate the problem - still only one customer can be
connected at a time. The improvement is that once the first customer is disconnects,
the second can be served even if the doPost method for the first has not finished
yet.
2. Flushing the response buffer in WLS 6.1
The servlet response buffer is not flushed automatically until doPost ends, unless
you
explicitly call response.flushBuffer(). Closing the output stream doesn't flush
the
buffer as per the documentation.
I see that other people are experiencing the same problems.
Has anyone found any solutions/workarounds or at least an explanation.
Any input would be highly appreciated.
Thanks in advance.
Samuel Kounev
Thanks for replying. Here my answers:
> Did you mark your doPost as synchronized?
No.
> Also, try testing w/ native i/o vs not ... is there a difference?
With native I/O turned off I get a little lower performance, but the
difference is not too big.
Best,
Samuel Kounev
> Peace,
>
> --
> Cameron Purdy
> Tangosol Inc.
> << Tangosol Server: How Weblogic applications are customized >>
> << Download now from http://www.tangosol.com/download.jsp >>
>
> "Samuel Kounev" <[email protected]> wrote in message
> news:[email protected]...
> >
> > Hi all,
> >
> > I encountered the following 2 servlet problems in WLS 6.0/ 6.1:
> >
> > 1. Processing concurrent POST requests
> >
> > WLS seems to disallow concurrent executions of any servlet's doPost
> servlet method.
> >
> > When two clients attempt to send a request to a servlet using POST, the
> socond
> > one
> > is blocked until the first customer is served. In essence, the servlet
> ends up
> > operating in
> > 1-user mode. I just learned from Jervis Liu that the problem is solved in
> WLS6.0
> >
> > if you disable http-keepalive.
> >
> > For WLS 6.1 a partial workaround is to make the servlet work in a
> single-thread
> >
> > mode (by implementing the javax.servlet.SingleThreadModel interface). In
> this
> > case,
> > WLS dispatches concurrent requests to different instances of the servlet.
> > This doesn't completely eliminate the problem - still only one customer
> can be
> >
> > connected at a time. The improvement is that once the first customer is
> disconnects,
> > the second can be served even if the doPost method for the first has not
> finished
> > yet.
> >
> > 2. Flushing the response buffer in WLS 6.1
> > The servlet response buffer is not flushed automatically until doPost
> ends, unless
> > you
> > explicitly call response.flushBuffer(). Closing the output stream doesn't
> flush
> > the
> > buffer as per the documentation.
> >
> > I see that other people are experiencing the same problems.
> >
> > Has anyone found any solutions/workarounds or at least an explanation.
> > Any input would be highly appreciated.
> >
> > Thanks in advance.
> >
> > Samuel Kounev
=====================================================
Samuel D. Kounev
Darmstadt University of Technology
Department of Computer Science
DVS1 - Databases & Distributed Systems Group
Tel: +49 (6151) 16-6231
Fax: +49 (6151) 16-6229
E-mail: mailto:[email protected]
http://www.dvs1.informatik.tu-darmstadt.de
http://skounev.cjb.net
=====================================================
[att1.html]
-
How to fire Chunked POST Requests.
Hi,
Can anyone please tell me how to implement a servlet which can fire chunked POST request to the server. I have tried implementing such a servlet but it does not send the request in a chunked format.
Please let me know what headers should this POST request necessarily have ?? (Transfer-Encoding : chunked would be one).
Thanks in advance.
SaurabhThis normally isn't my area, but I saw some code yesterday which looks like what you want...
regards,
Owen
protected void process (final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
java.io.IOException
resp.setContentType("image/svg+xml"); // This is for SVG files only
resp.setHeader("Transfer-Encoding", "chunked");
// rest of code....
} -
Truncated POST requests in IE 10 - In Response to NTLM Authentication
In Internet Explorer 10, the browser is incorrectly truncating HTTP POST requests and submitting unsolicited NTLM negotiate headers with a HTTP Content-Length of Zero Bytes. This results in HTTP POST parameters failing to be submitted to the
server.
Assume the following web application with a context root of:
https://w3.someapplication.net/webapplication/
Secure cookies for this site are established at the context root of this application.
To reproduce this issue, a secure session is established at a protection space deeper than the root context of the web app:
https://w3.someapplication.net/webapplication/secure/login
After establishing a secure session with the web application, some client side artifacts are retrieved from a web proxy at a higher protection space:
https://w3.someapplication.net/webapplication/somejs.js
Subsequent HTTP POST requests to a deeper protection space will result in IE incorrectly attempting to pass an unsolicited NTLM negotiate header to the server side, and the HTTP POST request will be truncated with a Zero Content-Length header:
https://w3.someapplicaiton.net/webapplication/submit/form
The result is that the HTTP POST parameters submitted to the last URL will be lost.
This is reproducible against IE6 and IE10. It does not reproduce against IE8, or any non-Microsoft browser which all behave in a sane manner.
My Questions:
Why is IE behaving this way?
What can I do to make IE behave properly? Please don't suggest that I change the entire structure of my company's website to overcome this kind of silly bug in IE.
Is there a planned fix to correct this behavior back to the proper implementation observed in IE8?
Additional details about this problem are documented by an IE Internals blogger at the following url:
http://blogs.msdn.com/b/ieinternals/archive/2010/11/22/internet-explorer-post-bodies-are-zero-bytes-in-length-when-authentication-challenges-are-expected.aspx
MichaelYes, I have read that blog post in detail. All of the comments from Microsoft on this issue suggest making intrusive changes to the web application side to work around this "optimization". This is not an acceptable answer. This
is clearly a bug in IE. Evidence to support that this is a bug is that the behavior within IE's own browsers is not consistent; IE6 and IE10 will reproduce this issue, IE7 and IE8 will not.
I don't understand your suggestion; "ensure all paths are configured to require authentication". This is not a reasonable expectation for any normal web app. Our application does require authentication on all paths. However, when the first
authentication request goes through, a HTTP Session is established. Any subsequent request to that domain will not and should not be re-authenticated. IE making assumptions about the authentication requirements of a server side application is incorrect.
Further, even if i did re-challenge the browser for credentials on every path, regardless of whether a session is established or not, how would I handle the requirement to serve client side artifacts from a web proxy within that secure domain? Am I expected
to force my web proxy to require an NTLM header to serve up a CSS file? That is just silly.
You also suggested that my application might be incorrectly returning a 401. I can assure you, that is not the case. The flow is this:
Perform a signon to the application and retrieve some client side artifacts required by the splash page
https://w3.myapp.com/some/app/path?query=string
401 + www-negotiate response header
https://w3.myapp.com/some/app/path?query=string
browser provides a ntlm token, user is logged in, session is started
https://w3.myapp.com/some/file.js 200 response code, no challenge from the server side
Splash page is loaded; user submits a POST request
https://w3.myapp.com/some/app/path POST request fails because IE truncates the request and attaches an NTLM negotiate header with Zero Byte content length. This is an unsolicited negotiate header from IE.
Honestly, it really irritates me when people suggest we should change our entire application structure to accommodate IE bugs or "features" that are completely outside of the HTTP spec. I understand RFC4559 states that a browser MAY initiate a request
to a server which includes an unsolicited negotiate header, but it doesn't say anything about truncating the contents of that request.
No other browsers exhibit this behavior, and even the behavior within Microsoft's own product is not consistent. It is insanely frustrating as a web developer trying to deal with all of IE's little nuances.
Is there anyway this can be turned off via a registry entry? Is there any plan to fix this in a future release? -
Incorrect MIME type for XML Data Connection POST requests
It appears that Xcelsius 2008u2019s XML Data Connection logic does not specify the correct MIME type for the data it sends to the server in its POST request. Using an HTTP debug proxy, I was able to see that Xcelsius sends XML data in the POST, but is setting a content-type of u201Cx-www-form-urlencodedu201D. According to the W3C spec:
http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1
Data sent with a MIME type of u201Cxxu201D should be encoded as key?value pairs, like this:
key1=val1&key2=val2&Submit=Submit
So, what Xcelsius is doing is clearly incorrect. Worse, if your server process is a Java servlet, you may find that the POSTed data will be gobbled up by the servlet container and you wonu2019t be able to read it using a getInputStream(), or getReader() call because itu2019s already been processed by a call to the getParameter() method.
The correct mime type for POSTing an XML formatted request from Xcelsius should be "text/xml".
WayneHi,
The Error #2032 your getting is due to the Flash player security.
To remove this this error you need one crossdomain Xml file in the root directory which actually provides a lot more control over who has access to your data from a SWF. The cross domain policy is attached as crossdomain.xml.
In the XML file, it is used a wildcard (*). This allows a SWF located on any machine to access your data source. You can certainly use an IP address or domain name to restrict access rather to opening it up completely. I always start with the wildcard to make sure my dashboard works, then start restricting access as necessary.
Here is a whitepaper with everything you need to know about Flash player security:
http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf
Please let me know if you need any more clarification.
Regards,
Sanjay
Maybe you are looking for
-
Wireless connection to D-Link DIR-655 router
I just got a MBP and I can't connect wirelessly to my D-link router (WPA password protected; wired connection works great). Aiport sees the router, asks for the password which I enter, and then I get the message "the selected network uses and Access
-
How do you set default fonts and default text box sizes on bound form fields?
I am using an existing PDF as a template to build my form in designer. I am dragging my objects from the schema window to the form and when I drop it on the form it is way too big - so for every field I do this with I am left to resize and reset the
-
Tracking a ramping signal and checking for range thresholds
I have a signal which ramps at 0.05 volts/second. During this state, there is a possibility that the ramp rate exceeds the 0.05 v/sec. operation (runaway condition). Does anyone have any ideas about how to track this and respond to the runaway cond
-
Regarding FB60 tcode business place and section code
Hi Expects My Problem was in fb60 when i enter any business area business place and section code automatically displaying. its default coming for vendor only . i want to clear that one . i have checked user exit , badi and substitutes also they are
-
Search criteria in VA02/ VA03
Hi Can i add any new fields in the search criteria in VA02/VA03 screen . Generally only the fields Purchase Order No, Sold-to party, Delivery,Billing Document, WBS Element . I want to add the reference field from the header accounting tab page . If s