Implementing Filters in Servlet 2.2 Version

Similar Messages

• Can we implement BADI's in 4.6c version

  Hi experts,
  Can we implement BADI's in 4.6c version.
  regds
  venky

  Hi,
  Please check the following for BADI knowledge.
  http://help.sap.com/saphelp_nw04/helpdata/en/e6/d54d3c596f0b26e10000000a11402f/content.htm
  Regards,
  Ranjit Thakur.
  Please Mark The Helpful Answer.

• Implementing a secure servlet

  Hi all,
  I am stuck about implementing this! My web site is implemented using static HTML pages and hosted on Apache server. I have a separate application server that runs my dynamic applications. In my web site, I have a contact us form with action as a simple servlet. Everything works fine and servlet does its purpose. But there is security issue with this. Anybody can access my servlet using the URL. Anybody can view source my page, get the servlet URL and can spam! I need to make this secure.
  Any thoughts on this issue would be great.
  Thanks and Regards,
  Abdel Olakara
  [http://technopaper.blogspot.com|http://technopaper.blogspot.com]

  Olakara wrote:
  Yawmark, your thinking correct with my context. I am more concerned with the user side and not the bots. I am having a look at spring but is there any simple way (with out using any frameworks?).Personally, I think using Spring Security is the simple way, rather than trying to think through and design an effective security model on one's own, only to come up with a poor imitation of an existing framework. :o)
  Security is not a simple subject, and "implementing a secure servlet" is not a simple matter. At least, not to my reckoning.
  ~

• In which way Servlet implements  multiThread  without servlet implement Run

  Hi,
  In which way Servlet implements multiThread without servlet implement Runnable.
  In general servletconaainer use one instance of servlet to handle multiple request(except implement SingleThreadmodal).
  I thing that conatainer can achive this ,in this Way
  Myservlet ms;
  1st Way:
  For each new request container call
  new Thread(){
  puvlic void run(){
  ms.service(request,response);
  }.start();
  but I do not thing in this way we get any performace.
  It is better creat pool of Myservelt. and get object from this
  ms1,ms2,ms3
  2nd way is
  Myservlet implement Runnable
  and for each request
  new Myservlet ().start();
  Please tell me In which way conatiner achive multithread of servlet
  Siddharth Singh([email protected])

  You don't need to do any of this. The servlet container starts its own threads, and they call the servlet methods as required. All you have to do is syncrhonize your servlet internally as required to protect anything that needs protecting from multiple threads.

• Will weblogic 4.5 work with the Sun Java Servlet Development Kit Version 2.1?

            Will weblogic 4.5 work with the Sun Java Servlet Development Kit Version 2.1
            (JSDK 2.1). The reason I want this is we want our application servlets to
            use the new 2.1 redirection mechanism to redirect to JSP files.
            

  WL 4.5 supports JSP 1.0 (and, therefore Servlet 2.1).
            What I want to know is when will it support JSP 1.1 (and, therefore Servlet
            2.2)!
            Regards,
            Murali Krishna Devarakonda
            Cox News <[email protected]> wrote in message
            news:7rk40p$s00$[email protected]..
            >
            > Will weblogic 4.5 work with the Sun Java Servlet Development Kit Version
            2.1
            > (JSDK 2.1). The reason I want this is we want our application servlets to
            > use the new 2.1 redirection mechanism to redirect to JSP files.
            >
            >
            >
            >
            

• Implemention of JAAS+servlet+jboss+sql database

  Hi,
  I am trying to implement JAAS for login module using code and CallbackHandler( ie lc = logincontext(...).), but i got a sample code which is used for commandline execution, but i need to implement in web application, what all are the files that i need to configure to implement JAAS in web application?, so that i can check the user name and password which is entered by the user against the value that inside my sql database. it would be appreciated if anyone send some sample code to start work on JAAS.
  Regards
  kumar

  Kumar,
  i am trying to do the same thing, but i am having a slight problem, maybe between the two of us we can figure it out. here is what i have come up with so far:
  1. edit web.xml to specifiy which directories and pages are secured and accessed only by specific user roles (Optional)
  2. edit login-config.xml which is found in JBOSS_directory/server/default/conf or JBOSS_directory/server/all/conf depending on which version of the server you are using. you need to add the following to login-config.xml file, to include the JAAS DatabaseServerLoginModule, the configuration is as follows:
  <application-policy name = "testDB"> <! -- this is the name of the secrurity policy which you refer to in jboss-web.xml
  <authentication>
  <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  flag = "required">
  <module-option name = "unauthenticatedIdentity">guest</module-option>
  <module-option name = "dsJndiName">java:/testDB</module-option> <! -- this is the datasource the is used to connect to your database
  <module-option name = "principalsQuery">SELECT password from Principals where PrincipalID =?</module-option>
  <module-option name = "rolesQuery">SELECT Role, Rolegroup FROM roles WHERE principalid=?</module-option>
  </login-module>
  </authentication>
  </application-policy>3. you edit jboss-web.xml with the following code
  <jboss-web>
  <security-domain>java:/jaas/testDB</security-domain>
  <context-root>/testJBOSSsecurity</context-root>
  </jboss-web>4. Create a Login Form with the action pointing to the servlet you will create in the next step
  5. create the servlet that handles logging the user in
  ****loginservlet.java*****
  import java.security.Principal;
  import java.security.PrivilegedAction;
  import java.util.Locale;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.util.Set;
  import javax.security.*;
  import org.jboss.security.SimplePrincipal;
  import org.jboss.security.auth.callback.SecurityAssociationHandler;
  try {
  SecurityAssociationHandler handler = new
  SecurityAssociationHandler();
  Principal user = new SimplePrincipal(request.getParameter("j_username"));
  handler.setSecurityInfo(user, request.getParameter("j_password"));
  LoginContext loginContext = new LoginContext("testDB",(CallbackHandler)handler);
  loginContext.login();
  Subject subject = loginContext.getSubject();
  Set principals = subject.getPrincipals();
  principals.add(user);
  out.println(subject.toString());
  //response.sendRedirect("securepage.java");
  }6. create two database tables: one to hold the principalid (primary key) and password. this table is called pricipals. create another table to hold the user roles. call this table roles, and it has three fields. principalid as a primary key and a foreign key from the principals table, role and rolegroup
  this is what i have so far, but it's not working, i have posted my problem in this link [http://forum.java.sun.com/thread.jspa?threadID=5293266|http://forum.java.sun.com/thread.jspa?threadID=5293266] as well an other forums since two nights ago, but so far no replies. so read the post and you will get a better picure and try it out, if you have luck wiith it, please let me know
  Sam

• Implement Dispute Mgmt with 4.7 Version

  Hi
  We are currently using 4.7 version.  And we have installed FSCM component with 4.7. We bought it with SAP along with 4.7. We are currently researching on implementing Dispute Management Process. Hence my question is did anyone implement this functionality with 4.6 & 4.7 versions. If so, then what are the technical difficulties and challenges encountered? I see most of the posts related to ECC 5.0 & 6.0.
  Any suggestions or guidance would be appreciated greatly.
  Thanks
  Sunil

  Thanks Cristobal.. Can you pls elaborate 'face the multi system scenario (Two boxes)'?. I read somewhere in the SAP help doc, that Dispute Mgmt uses 'ALE'. I am not sure about the technicalities behind it. Does this scenario create any performance issues? Does it impact any other functions like SD etc.,?
  Thanks
  Sunil

• Web.Xml Mapping For using Filters in Servlets

  Hi Team
  Can any one help me in getting the correct xml mappiing for using filters
  Currently i am getting 404 error when calling any resource
  using the below mapping
  <web-app>
  <display-name>OM</display-name>
  <welcome-file-list>
  <welcome-file>Hello.html</welcome-file>
  </welcome-file-list>
  <filter>
  <filter-name>Basic Filter</filter-name>
  <filter-class>BasicFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>Basic Filter</filter-name>
  <url-pattern>/sample1</url-pattern>
  </filter-mapping>
  <servlet>
  <servlet-name>sample2</servlet-name>
  <servlet-class>com.ustri.xml.FilteredServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>sample2</servlet-name>
  <url-pattern>/sample1</url-pattern>
  </servlet-mapping>
  </web-app>
  Thanks
  santhosh

  As the messages tries to suggest, the elements under <web-app> must appear in a specific order. In particular the <filter> elements, if any, must appear before any <session-config> elements. That isn't the case in what you posted so it fails validation by the DTD.

• How do I develop a servlet for different versions of the JDK?

  This is my first post here so I hope this is the appropriate forum...
  I am developing a servlet on my local machine set up with :-
  Windows XP Pro SP2
  J2SE 1.50
  Tomcat 5.5.4
  However, one of the hosts where I need to use the servlet has :-
  J2EE 1.4 SDK
  Tomcat 4.1.29
  I have installed JDK 1.4.2_06 but need to access the servlet api jar (servlet-api.jar) to compile against otherwise I get errors such as:
  FirstServlet.java:4: package javax.servlet does not exist
  import javax.servlet.*;
  The servlet api jar I use when compiling with J2SE 1.50 is in "C:\Tomcat\Tomcat 5.5\common\lib\servlet-api.jar".
  My question is where can I obtain a servlet api jar to compile against for use under J2EE 1.4 SDK / Tomcat 4.1.29 - i.e. do I need to install the relevant version of Tomcat or is the jar available seperately?
  Any help much appreciated.

  "My question is where can I obtain a servlet api jar to compile against for use under J2EE 1.4 SDK / Tomcat 4.1.29 - i.e. do I need to install the relevant version of Tomcat or is the jar available seperately?"
  you can download it seperately from java servlets website
  http://java.sun.com/products/servlet/download.html
  you should download the tomcat version you are hosting your code
  with to ensure full compatability
  i think it is called servlet.jar not servlet-api.jar in older tomcats

• Servlet Container Variable: version

  Does anybody know how a servlet can discover the version of Java being used on the host system please?
  Thanks in advance,
  Bamkin
  (java version, not tomcat version)

  checkout the below code...
  import java.lang.management.ManagementFactory;
  public class RandomServlet extends HttpServlet{
  public void service(req,res){
  String Name = ManagementFactory.getRuntimeMXBean().getName;
  String VmSpecName = ManagementFactory.getRuntimeMXBean().getSpecName();
  String VMName = ManagementFactory.getRuntimeMXBean().getVmName();
  String VMVendor = ManagementFactory.getRuntimeMXBean().getVmVendor();
  String VMVersion = ManagementFactory.getRuntimeMXBean().getVmVersion();
  }NOTE:Works from J2SE 5.0+
  REGARDS,
  RaHuL

• How to implement "Filtered Indexes" in Oracle?

  I know that function-based index can (kind-of) create index for only a portion of all the rows in a table,
  create index idx_abc_01 on t_abc (case when end_dt > '01-APR-2008' then end_dt else null end);
  /* to use the index, you have to use the same express in the filter clause */
  select * from t_abc where xyz in ('O', 'S', 'X') and
       case when end_dt > '01-APR-2008' then end_dt else null end
            between '12-JUL-2008' and '15-JUL-2008';But this approach is very inflexible because the expression in the where clause has to exactly match the index creation, otherwise that filtered index will not be used.
  MS SQL Server 2008 has a new feature called - Filtered Indexes
  CREATE NONCLUSTERED INDEX fidx_abc_01
      ON t_abc ( EndDate )
  WHERE EndDate > '20040401';
  select * from t_abc where EndDate between '20050121' and '20050130';[url http://msdn.microsoft.com/en-us/library/cc280372.aspx]Filtered Indexes can be very helpful in both OLTP and DW. I'm wondering how to get the same thing done in Oracle.
  Any suggestion beyond [url http://erturkdiriksoy.wordpress.com/2008/06/30/filtered-indexes-on-oracle/]Dunyada?

  In 11.2, if you're building a data warehouse (and assuming that implies you have the partitioning option), you can declare that certain partitions of a local index are unusable which prevents Oracle from building them. If T_ABC were partitioned on END_DT, that would allow arbitrary queries where Oracle could perform partition pruning to make use of the index if it was available for those partitions without the need for an exact expression match.
  Beyond that, if you are creating a function-based index, you would often want to create (or modify) the view that your application queries to specify the condition (i.e. a VW_RECENT_ABC that only has post-April, 2008 data) so that queries didn't have to specify the condition exactly.
  Justin

• IPayment servlet timeout patch version problem

  Hi,
  I have applied the patch 6003652 to our PATCH instance. ADPATCH did not copied the file ibyppadb.pls since version of file in patch is lower. It seems that adpatch just does a version matching as is independent of DATE. I don’t know how you were able to apply this patch in your instance using adpatch. BTW Is your instance 11.5.10.2?
  Below is the extract from the log file (u6003652_adpatch.lgi)
  Will not apply ibyppadb.pls: Patch file is older.
  Patch : /opt/egappch/patch/6003652/iby/patch/115/sql/ibyppadb.pls, v115.119.115103.2
  On-Site: /opt/egappch/ebpaappl/iby/11.5.0/patch/115/sql/ibyppadb.pls, v115.120
  our functionality is in v115.119 version only.now our instance have v115.120.Any other alternative patch?
  Any other solution?
  Regards,
  Raji

  Hi,
  This is an expected behavior as adpatch compare the files based on the version. The version of the file you have is v115.120 and the one included in the patch is v115.119.115103.2
  What is the issue in using the file you already have?
  You may log a SR and ask for a patch which delivers the lower version, but this may not be compatibale with other files installed by the current/other patch.
  Regards,
  Hussein

• IASR2 BI Report Server's Servlet Version?

  Hi,
  We are planning to implement Filters in Report Server (to filter rwservlet) which is available from version 2.3.
  What is the Servlet Specification version in the BI Report Server? Is it same as of AppServer?
  Is there any other alternative to filter (secure) the access to rwservlet? What is RWSecurity class?
  thanks
  VB

  Hi Vijay,
  What is the Servlet Specification version in the BI Report Server?9iAS Rel 2 uses Servlet 2.3
  Is there any other alternative to filter (secure) the access to rwservlet?You can use the default security implementation shipped with Oracle9iAS. Use Portal to define the users and their authentication information (username/passwd). Register your reports in Portal, and allow access to only authorized users. All users will be asked their username/passwd, and only the authorized users will be granted access - whether they try to access the report published on a portal page, or directly using an rwservlet URL.
  Find more information in "Publishing reports" Ch 5 - Controlling User Access:
  http://otn.oracle.com/documentation/reports.html
  Also the Reports:Portal intgration viewlets:
  http://otn.oracle.com/products/reports/htdocs/getstart/demonstrations/index.html
  What is RWSecurity class?This is the class that implements the above logic (default security mechanism using Portal and SSO).
  Navneet.

• Problems with servlet filters

  Hello,
  I'm trying to implement filters for some of the examples presented in the j2ee tutorial. Thus, I've realized a very simple filter that works very well for the Converter example (mapped to the index.jsp URL). But this filter doesn't work with the Duke's Bank application and I don't understand why. I've tried to map this filter to the Dispatcher servlet and also to different URLs, the filter is actually executed, but the client gets no response from the server.
  Here's the source code for my filter :
  package com.sun.ebank.web.filters;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  public final class MyFilter implements Filter {
  private FilterConfig filterConfig = null;
  public void init(FilterConfig filterConfig) throws ServletException {
  this.filterConfig = filterConfig;
  public void destroy() {
  this.filterConfig = null;
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
  if (filterConfig == null) return;
  HttpServletRequest hr = (HttpServletRequest)request;
  System.out.println ("MyFilter : " + hr.getMethod () +      " URL=" + hr.getRequestURL () +          " QueryString={" + hr.getQueryString () + "}");
  chain.doFilter(request, response);
  public String toString() {
  if (filterConfig ==null) return ("MyFilter()");
  StringBuffer sb = new StringBuffer("MyFilter(");
  sb.append(filterConfig);
  sb.append(")");
  return (sb.toString());
  Can anybody help me?
  Thanks,
  B.F.

  As you're not actually doing anything in this filter but a quick System.out.print, there doesn't appear to be a problem with the filter code.
  What does your web.xml file look like?
  Does your IDE allow you to trace through the filter to the next target in the chain? If so, where does the code die? If not, use System.out.print statements to determine how far into the code you get.
  No response to the client usually means that the response didn't have any content set. You can verify this by checking the state of the response object after doFilter has been called; if the headers haven't been set then something crashed in a bad way.
  Good luck!

• Servlet 2.3 implementation in WLS 6.1 SP2

            Hi,
            What exactly is the implementation of the Servlet 2.3 specification in WLS 6.1
            SP2? The Final one or some of the earlier Drafts? I am particularly interested
            in the Filter interface.
            Regards,
            Plamen
            

  Servlets and Web Applications
            The following new features and changes apply to servlets and Web Applications:
            Web Application Events (Servlet 2.3 only)
            Web Application Events provide notifications of a change in state of
            the servlet context (each
            Web Application uses its own servlet context) or of an HTTP session
            object. You can write event
            listener classes that respond to these changes in state.
            Filters (Servlet 2.3 only)
            A filter is a Java class that is invoked in response to a request
            for a resource in a Web Application.
            These resources can include Java Servlets, JavaServer Pages (JSPs),
            or static resources such as
            HTML pages or images. A filter intercepts the request and can
            examine and modify the response
            and request objects or execute other tasks. For more information,
            see Using Filters.
            Single sign-on between Web Applications. This means the server tracks
            users at the Web Server level
            and not the Web Application level, as mandated by the Servlet 2.2
            specification.
            Plamen Petrov wrote:
            > Hi,
            >
            > What exactly is the implementation of the Servlet 2.3 specification in WLS 6.1
            > SP2? The Final one or some of the earlier Drafts? I am particularly interested
            > in the Filter interface.
            >
            > Regards,
            > Plamen