Triggering Servlet using URLconnection object - Security Issue
Hi,
I am calling a servlet from my Java Program using Url and URl Connection object.
The UrlConnection.Openconncetion(URl) will trigger my servlet. I want to send the input parameters using Post method.
I want to use post method becuase if i use get method, any one who know my servlet name can hardcode the input parameter and get the confidential data by using browser.
How i can use post method to do that?
pleaasse help me.
thanx
muthu
String JSPUrl = "http://somedomain.com";
URL url = new URL( JSPUrl );
URLConnection conn = url.openConnection();
//Set up Post Query String
String postquery = "param1=" + URLEncoder.encode("This is parameter 1" ) +
"¶m2=" + URLEndocer.encode("This is parameter 2" );
conn.setDoInput( true );
conn.setDoOutput( true );
conn.setUseCaches( false );
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// send the data
DataOutputStream dos = new DataOutputStream( conn.getOutputStream() );
dos.writeBytes( postquery );
dos.flush();
dos.close();
//Read from the connection
BufferedReader in = new BufferedReader( new InputStreamReader( conn.getInputStream() ) );
.....
Similar Messages
-
Invoking servlet using URLConnection
hi there,
i am trying to invoke a servlet from one jboss to another servlet on another jboss,using URLConnection.
iam getting
java.lang.IllegalStateException: Already connected
20:57:48,371 ERROR [STDERR] at java.net.URLConnection.setDoInput(URLConnection.java:709)
20:57:48,371 ERROR [STDERR] at com.dpsl.dxdam.util.assettransfer.FTPController.run(Unknown Source)
where as if i run the same code on as standalone application,the servlet on the other jboss gets invoked,below is the code:
URL url = new URL(strPreingestServletUrl);
URLConnection connection = url.openConnection();
connection.connect();
connection.setDoOutput(true); connection.setUseCaches(false); connection.connect();
InputStream is = connection.getInputStream();
BufferedReader in = new BufferedReader(new InputStreamReader(is));
String response = in.readLine(); System.out.println(response);
while(response!=null){
System.out.println(response);
response = in.readLine();
is.close();
in.close();
please explain why this happens,does it have anything to do with the policy file of catalina.
thanks in advancePrasadSo what's the solution? Maybe if you share it you can spare someone else some heartache. - MOD
-
Business use of Skype - security issues from a net...
Going through this forum, accounts seemed to be hacked fairly frequently. I read somewhere that Obama had his Skype acct hacked. Being a network administrator at an ad agency with high-profile clients, this could be a serious issue, if important information was leaked to the public before press releases. Seems like this is usually a result of user error, whether its phishing schemes or clicking on random links sent by strangers.
Is there any type of moderating feature that could be used (for network administrators), essentially restricting the contact list to approved contacts?themornindove wrote:
Is there any type of moderating feature that could be used (for network administrators), essentially restricting the contact list to approved contacts?
Hello,
The onus is really on the user to set his/her privacy options as they wish at > Tools > Options > Privacy Settings.
It's not possible for an administrator to prevent an individual user from adding a contact.
TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
I recommend that you always run the latest Skype version: Windows & Mac
If my advice helped to fix your issue please mark it as a solution to help others.
Please note that I generally don't respond to unsolicited Private Messages. Thank you. -
Business Object Security Issue - With the Modify Option
Hi all;
My issue is Im trying to restrict all access on Info View that are related to the Modify option for a Read Only user. When I test the user I right click and the Modify option still there.
Please help thanks.....Basically the solution was on the Application tab... I verify the privs related to the group and I change a few things. Plus still have the Modify option when I right click. Something helpful was that I can still change the column width or the color of the text or bold the text etc, but I can not change the data, which is good. Also when you right click and select view on the report your are not able to change the width of the columns. But it work ok...
Thanks for your help and support. -
Same Session using URLConnection
We have written a utility whick keeps monitoring the site for the uptime. It hits the site on a regular time interval. We are using URLConnection Object for connecting to the site, the problem here is with each connection made by URLConnection object it creates a new session and hence increases the number of sessions.
How do I user URLConnection or similar object so that it does not create new session every time it hits the server.
Thanks for the help in advance!!We have written a utility whick keeps monitoring the
site for the uptime. It hits the site on a regular
time interval. We are using URLConnection Object for
connecting to the site, the problem here is with each
connection made by URLConnection object it creates a
new session and hence increases the number of
sessions.
How do I user URLConnection or similar object so that
it does not create new session every time it hits the
server.
Thanks for the help in advance!Dear sir,
Do you solve your question in this topic?
I have similar problem. -
How to use "URLConnection" in sessions with more than one screen??
Hi,
Requests can be sent to http servers using "URLConnection" objects. The responses can be parsed via their InputStream; so far so good...
Question is:
What can I do when I want to send a request to a server where there is first a log-in screen and only then there is the desired screen where the real request should be sent?
Since the REAL request cannot be directly sent without the authentication check first, I need some kind of "context" or session in which I may make some consequent actions... Sending an independent request using a diferent URLConnection just won't do since I'm unauthorized via the second connection!!
Generally, I need a way to send consequent requests where the second request may be sent only if the first request authenticated me...
How can I do that? (Hope my question is clear...)
--Amir.Well, you will have to deal with the cookies or however the server knows you are authenticated. Personally I prefer to use something like Apache HttpClient rather than dealing with icky details like that on my own.
-
How can I use URLConnection to use applet communication with servlet?
I want to send a String to a servlet in applet.I now use URLConnection to communicat between applet and servlet.
====================the applet code below=========================
import java.io.*;
import java.applet.Applet;
import java.awt.*;
import java.net.*;
//I have tested that in applet get data from servlet is OK!
//Still I will change to test in applet post data to a servlet.
public class TestDataStreamApplet extends Applet
String response;
String baseurl;
double percentUsed;
String total;
public void init()
try
java.net.URL url = new java.net.URL(getDocumentBase(),"/servlet/dataStreamEcho");
//String currenturl=new String("http://lib.nju.edu.cn");
java.net.URLConnection con = url.openConnection();
//URL currentPage=getCodeBase();
// String protocol=currentPage.getProtocol();
// String host=currentPage.getHost();
//int port=currentPage.getPort();
// String urlSuffix="/servlet/dataStreamEcho";
// URL url=new URL(protocol,host,port,urlSuffix);
// URLConnection con=url.openConnection();
con.setUseCaches(false);
con.setDoOutput(true);
con.setDoInput(true);
ByteArrayOutputStream byteout = new ByteArrayOutputStream();
PrintWriter out=new PrintWriter(byteout,true);
String currenturl=new String("http://lib.nju.edu.cn");
String var1=this.encodedValue(currenturl); //encode the data
String data="currenturl="+var1;
out.print(data);
out.flush();
con.setRequestProperty("Content-Length",String.valueOf(byteout.size()));
con.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
byteout.writeTo(con.getOutputStream());
BufferedReader in=new BufferedReader(new InputStreamReader(con.getInputStream()));
String line;
while((line=in.readLine())!=null)
System.out.println(line);
catch (Exception e)
e.printStackTrace();
private String encodedValue(String rawValue)
return(URLEncoder.encode(rawValue));
=========================The servlet code below=====================
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class DataStreamEcho extends HttpServlet
{public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
res.setContentType("text/plain");
PrintWriter out = res.getWriter();
Runtime rt = Runtime.getRuntime();
out.println(rt.freeMemory());
out.println(rt.totalMemory());
response.setContentType("text/html; charset=GBK");
request.setCharacterEncoding("GBK");
PrintWriter out = response.getWriter();
HttpSession session=request.getSession();
ServletContext application=this.getServletContext();
String currenturl=(String)session.getAttribute("currenturl");
out.print(currenturl);
=============================================================
I have done up,but I found the program don't run as I have thought.
Can you help me to find where is wrong?Very thank!You are trying to pass the current URL to the servlet
from the applet, right?
Well, what I put was correct. Your servlet code is
trying to read some information from session data.
request.getInputStream() is not the IP address of
anything...see
http://java.sun.com/products/servlet/2.2/javadoc/javax
servlet/ServletRequest.html#getInputStream()
Please read
http://www.j-nine.com/pubs/applet2servlet/Applet2Servle
.htmlNo,you all don't understand I.
I want to send an Object to the server from a applet on a client.not url only.I maybe want to send a JPEG file instead.
All I want is how to communicate with a servlet from an applet,send message to servlet from client's applet.
for example,Now I have a method get the desktop picture of my client .and I want to send it to a server with a servlet to done it.How can I write the applet and servlet program?
Now my program is down,But can only do string,can't not done Object yet.Can anyone help me?
=======================applet=============================
public void init()
try
java.net.URL url = new java.net.URL(getDocumentBase(),"/servlet/dataStreamEcho");
//String currenturl=new String("http://lib.nju.edu.cn");
java.net.URLConnection con = url.openConnection();
//URL currentPage=getCodeBase();
// String protocol=currentPage.getProtocol();
// String host=currentPage.getHost();
//int port=currentPage.getPort();
// String urlSuffix="/servlet/dataStreamEcho";
// URL url=new URL(protocol,host,port,urlSuffix);
// URLConnection con=url.openConnection();
con.setUseCaches(false);
con.setDoOutput(true);
con.setDoInput(true);
ByteArrayOutputStream byteout = new ByteArrayOutputStream();
PrintWriter out=new PrintWriter(byteout,true);
String currenturl=new String("http://lib.nju.edu.cn");
String var1=this.encodedValue(currenturl); //encode the data
String data="currenturl="+var1;
out.print(data);
out.flush();
con.setRequestProperty("Content-Length",String.valueOf(byteout.size()));
con.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
byteout.writeTo(con.getOutputStream());
con.connect();
BufferedReader in=new BufferedReader(new InputStreamReader(con.getInputStream()));
String line;
while((line=in.readLine())!=null)
System.out.println(line);
catch (Exception e)
e.printStackTrace();
=======================servlet=============================
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
response.setContentType("text/html; charset=GBK");
//request.setCharacterEncoding("GBK");
PrintWriter out = response.getWriter();
HttpSession session=request.getSession();
ServletContext application=this.getServletContext();
//String currenturl=(String)session.getAttribute("currenturl");
String currenturl=(String)request.getParameter("currenturl");
out.print(currenturl);
File fileName=new File("c:\\noname.txt");
fileName.createNewFile();
FileOutputStream f=new FileOutputStream(fileName); //I just write the String data get from
//applet to a file for a test.
byte[] b=currenturl.getBytes();
f.write(b);
f.close();
} -
Security Issue while running client object code
Hi Team,
I have client object code to create SharePoint list items and i am using the below codes,
ClientContext clientContext = new ClientContext("MyCompanySiteName");
List olist = clientContext.Web.Lists.GetByTitle("Employee");
ListItemCreationInformation itemCreateInfo = new ListItemCreationInformation();
for (int i = 13; i <= 25; i++)
ListItem oListItem = olist.AddItem(itemCreateInfo);
oListItem["Title"] = "TEST" + i.ToString();
oListItem.Update();
clientContext.ExecuteQuery();
Here my question is , i have list with 4 mandatory fields and i have run this code against the same list.
Where i can able to create list items without filling mandatory fileds using this above code.
How we are creating list items , without entering/filling Mandtory fields in SharePoint list.
Is this security issue or bug in SharePoint client object code.
Thanks
S.Jeeva
JeevaHi!
I agree with sadomovalex.
This is by design and it is not security issue, it is rather consistency issue. It should be resolved via checking for required values before use or via implementing event receivers that throw errors if the required values are not set.
If my suggestion helped you to solve your problem, please don't forget to mark it as Answer -
Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
Some have no problem accessing the lesson plans.
Most when they login click on a lesson plan and an icon shows up that says loading but never does.
If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
Think Central support says this is a security issue with Firefox.
I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
I have allowed the pop ups to the think Central web site.
Any help would be appreciatedAre there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand. -
when opening safari i get a message that says major security issue please contact apple immediately suspicious activity might have been detected. what is this and how do i get rid of it so i can use my internet?
A misleading and malicious popup. Launch Safari with the Shift key held down; if that doesn't work, temporarily disconnect the computer from the Internet.
(121307) -
Issue with implementing Object Security in RPD (OBIEE 11g)
Hello All,
I am following these steps to implement Object Security, but it doesn't work. Please let me know what am I doing wrong here:
1. I want to block a few presentation tables for the user 'weblogic'.
2. I open the RPD in online mode and in the Identity Manager, for the application role 'BIAdministrator', I setup permissions 'no access' to these presentation tables. It asks me to 'Check Out' which I do.
3. I check in the changes, save the RPD and deploy in back in EM.
4. I login into OBIEE Answers using 'weblogic' user but alas these presentation tables are still available for me to use.
I have tried looking for a solution on the internet before posting the solution here. Please don't ask me to read through the security setup guide because I have done that. Any specific answers are most welcome.
Thanks in advance.Try this:
Double click on the presentation table.
Go to permissions and then revoke the access to BI Administrators. -
I have several times tried to stop following a thread in the PDF's forum about security issues and i still keep getting flooded with emails from this thread. I used the action within the thread that says stop following but appears to have no effect I still keep getting from 5 to 20 emails daily. Please help!!!!!!!
This may be helpful: How do I disable email notifications?
-
I am working with Firefox 35.0 I get the security certificate error message of site name) uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer).
This happens on each page that I go to. I can pull the page up with no problem with Explorer. Please Help. I don't have any security software that would be stopping or scanning SSL.Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details" to expand this section.
If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
*Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
*Click the "View..." button and inspect the certificate and check who is the <b>issuer of the certificate</b>.
You can see more Details like intermediate certificates that are used in the Details pane.
If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
*Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
*Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate. -
how to reactivate an old apple ID that has some security issues? I can't acces the yahoo that was used to create that account because it was already recycled by yahoo.
So when I restore my iPad 2, it is asking me for my old apple ID that was no longer working.....
ANY HELP PLEASEHi marcpople,
If you have had an Apple ID disabled due to a security issue, you may find the following articles helpful:
Apple ID: 'This Apple ID has been disabled for security reasons' alert appears
http://support.apple.com/kb/ts2446
Apple ID: If you forget your password
http://support.apple.com/kb/ht5787
Regards,
- Brenden -
I have the original iPad. There have been no recent ios updates for it. Is the SSL security issue a problem? Is my iPad safe to use?
You are OK. The fix is not necessary in iOS 5.1.1.
Maybe you are looking for
-
How to insert a table with ref statement?
the script: CREATE OR REPLACE TYPE B_T AS OBJECT ( type varchar(6), value number(2)); create table Bo of B_T; insert into Bo values('a',0); insert into Bo values('b',1); create or replace type try_T AS OBJECT( iii number(10), aaa ref B_T); create tab
-
Cfpop falls over with attachments with %'s in the name
Hi there, We are running CF 7.02 MX on a Windows 2003 Server. We have a scheduled process that runs which collects mail using cfpop, modifies it and forwards it on. If any of the downloaded mails contains an attachment with an unusual character in it
-
How do I stop receiving loud random alerts for games that I have downloaded?? Thanks
-
Okay, I have a JTextField with wrap on. It's setEditable(false). The string in it is going to be changing constantly and the field has a fixed size. I'm trying to come up with a method that will determine the maximum sized font that will be able to f
-
Hello, I have a table (my own table model) and I want to write all of the data (Vector containing vectors) to a text file. Is it possible to do something similar to this taking in a vector instead of a map? public void saveFile(SortedMap<String,Strin