url-pattern working?

Greet the sun all,
          Question, does anybody know if <url-pattern> in the web.xml file is
          working for file patterns? I try to map file pattern *.xyz to a servlet
          and it does not work. I have tried this under Tomcat and it works fine.
          Perry Hoekstra
          Consultant
          Talent Software Services
          [email protected]

Perry Hoekstra <[email protected]> wrote in message
          news:[email protected]..
          > Question, does anybody know if <url-pattern> in the web.xml file is
          > working for file patterns? I try to map file pattern *.xyz to a servlet
          > and it does not work. I have tried this under Tomcat and it works fine.
          I can't get it to work either. My webapplication looks like this:
          /WEB-INF
          /public.html
          /guarded.html
          /login.html
          /error.html
          ...and my web.xml has a <url-pattern> element in it that looks like this:
          <url-pattern>/guarded.html</url-pattern>
          ...that is, in accordance with the Servlet 2.2 specification, I'm trying to
          get my web application to declare that that particular security constraint
          should apply only to the guarded.html page and nothing else. I'm using FORM
          based login.
          Can anyone from BEA comment on the brokenness or lack thereof of the
          <url-pattern> element and how it should be used? I've of course read all
          the documentation about it because there isn't much. :-)
          Cheers,
          Laird

Similar Messages

Filter does not work with *.jsp URL pattern???

Hi All,
I am, by no means, very good at JSF or Java. I have looked at various forum posts on here for ways to implement a security filter to intercept requests to pages that first require one to be logged in, and if not, redirect them to the login page. Yes, I know a lot of you have heard this many times before, and I'm sorry to bring it up again.
BUT, from the guidance of other posts, I have got a filter that works fine when the url pattern is set to "/faces/*" or "/<anything>/*", however it won't work for "*.jsp" or "*.<anything>"
My filter is as follows:
package test.security;
import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpSession;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class SecurityFilter implements Filter{
    /** Creates a new instance of SecurityFilter */
    private final static String FILTER_APPLIED = "_security_filter_applied";
    public SecurityFilter() {
    public void init(FilterConfig filterConfig) {
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException{
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse res = (HttpServletResponse)response;
        HttpSession session = req.getSession();
        String requestedPage = req.getPathTranslated();
        String user=null;
        if(request.getAttribute(FILTER_APPLIED) == null) {
            //check if the page requested is the login page or register page
            if((!requestedPage.endsWith("Page1.jsp")) /* This is the login page */
                //set the FILTER_APPLIED attribute to true
                request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
                //Check that the session bean is not null and get the session bean property username.
                if(((test.SessionBean1)session.getAttribute("SessionBean1"))!=null) {
                    user = ((test.SessionBean1)session.getAttribute("SessionBean1")).getUsername();
                if((user==null)||(user.equals(""))) {
                   // try {
                 //       FacesContext.getCurrentInstance().getExternalContext().redirect("Page1.jsp");
                  // } catch (ServletException ex) {
                  //      log("Error Description", ex);
                    res.sendRedirect("../Page1.jsp");
                    return;
        //deliver request to next filter
        chain.doFilter(request, response);
    public void destroy(){
}My web.xml declaration for the filter is:
<filter>
<description>Filter to check whether user is logged in.</description>
<filter-name>SecurityFilter</filter-name>
<filter-class>test.security</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
Note: I have also tried this with <url-pattern>*.jsp</url-pattern> for the filter mapping in place of the Faces Servlet
My web.xml declaration for the url pattern is:
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>Which JSC/NetbeansVWP automatically creates a "JSCreator_index.jsp" which has:
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="1.2" xmlns:jsp="http://java.sun.com/JSP/Page">
<jsp:forward page="Page1.jsp"/>
</jsp:root>When run, this causes an Error 500 in the browser and a NullPointerException in SecurityFilter.java on the line:
if((!requestedPage.endsWith("Page1.jsp")) /* This is the login page */I think I'm missing something that would be obvious to anyone who knows better than me. Any ideas?

Dear Ginger and Boris,
thanks for the information - the problem seems to ocur in EP7 as well, Boris told me it is fixed in SP15. We are on SP14 now, so there is hope !
actually the information in the oss note stated above is also true, as we have an Oracle DB. On a similar demo system (only difference is SQL DB) the hyphen search works !
best regards, thank you !
Johannes

url-pattern for extension mapping in security-constraint not working

I'm trying to use extension mapping in a <security-constraint> configuration,
According to:
http://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-eval-spec/servlet-3_1-final.pdf?AuthParam=1429824454_de04222eab1b8…
Section 12.2:
A string beginning with a ‘*.’ prefix is used as an extension mapping.
But WebLogic does not take in consideration my configuration. If I use path mapping exact mapping it work.
My configuration is:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Unsecured</web-resource-name>
        <url-pattern>*.wsdl</url-pattern>
        <url-pattern>*.xsd</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HttpAuth</web-resource-name>
        <url-pattern>/ws/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ws-user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test1</realm-name>
</login-config>
<security-role>
    <role-name>ws-user</role-name>
</security-role>
WebLogic Server 12c (12.1.3)
Has anybody used extension mapping with security-constraint? Is that a WebLogic issue?

Hi nikita,
I have delt with the same problem before. As you say, most JSF actions all get posted back to the original page, and the faces servlet internally redirects according to the navigation rules and actions. This can mean the URL seen by the browser does not always correspond to the actual JSP (wrapped by JSF) that produced the content.
Generally adding the "<redirect/>" tag to all your navigation rules (in faces-config.xml) remedies this, so the actions are still posted back to the original page, but then the JSF servlet sends an http-redirect to the browser before invoking the new page. This way, the URL is always in sync, and the security constraints defined in your web descriptor always get invoked properly.
regards,
tony

Using security-constraint in web.xml; not recognizing url-pattern tag

I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>usr_access</web-resource-name>
<url-pattern>readData.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usr_all</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>usr_all</role-name>
</security-role>
<security-role>
<role-name>adm_all</role-name>
</security-role>
</web-app>
When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
Thank you.

I was able to get this to work. By doing the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
I was restricting access to all other groups by uisng <url-pattern>*</url-pattern>. Any other security-constraints set-up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraints lists all directories or pages that every user can access. My next security-constraint then list resources that only my admins (adm_all) can acess. Any other security constraints then are set-up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint.

Problems With url-pattern in a filter-mapping

Hi!
I need to make a filter when the clients call a jsf pages in /pages in my web application, but when i make the filter-mapping like this:
     <filter-mapping>
          <filter-name>sessionFilter</filter-name>
          <url-pattern>/pages/*.jsf</url-pattern>
     </filter-mapping>An exception appears:
SEVERE: Parse error in application web.xml
java.lang.IllegalArgumentException: Invalid <url-pattern> /pages/*.jsf in filter mapping
     at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540)
     at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566)
     at org.apache.commons.digester.Digester.endElement(Digester.java:1061)
     at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
     at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
     at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
     at org.apache.commons.digester.Digester.parse(Digester.java:1548)
     at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:263)
     at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:624)
     at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:216)
     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4290)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
     at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
     at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
     at org.apache.catalina.core.StandardService.start(StandardService.java:480)
     at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
     at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)the <url-pattern>/pages/*</url-pattern> not work to me because process all pages, I nedd only *.jsf
Please Help me whit this.

"the <url-pattern>/pages/*</url-pattern> not work to me because process all pages, I nedd only *.jsf"
Yes but in the filter you can get the url from the request.getUrl() and then only process requests that contain .jsf. Simply just pass all other requests along.
Some information on url pattern matching:
http://edocs.bea.com/wls/docs61/webapp/components.html#113049

How to specify a servlet mapping as the url pattern with in the security constraints

Hi ,
Weblogic 6.0 documentation says the following:-
Define which resources in the Web Application the security constraint applies to using the <url-pattern> element that is nested inside the <web-resource-collection> element. The <url-pattern> can refer to either a directory, filename or a <servlet-mapping>.
To apply the security constraint to the entire Web Application, use the following <url-pattern>:
<url-pattern>/*</url-pattern>
Could any one let me know how to specify servlet mapping as the url pattern.
I tried various combination and it doesn't seem to work and any help in this regard will be greatly appreciated.
Thanks
kannan

The answer is posted here:
Unapproved User Flag in UME

Mapping an url-pattern to a servlet in a hosted environment

This may not be exactly the right place for this, but I thought someone may have had similar experiences and be able to suggest something...
My JSP/Servlet application runs fine in a Tomcat -standalone environment, however there are certain mappings (hrefs and what-not) that do not function when I upload it to the hosted environment I am using. For example, the index page contains a link to something like /xyz. /xyz is an url-pattern specified in my web.xml that is then mapped to a servlet. The hosted application gets an Apache 404 when following such a link, because (the hosting help desk tell me) by default the only requests that Apache forwards to Tomcat are /*.jsp, /*.xml and /servlet/*, as defined in their httpd.conf.
Are any of the following possible?
1. They introduce somes line into the Tomcat section of their httpd.conf forwarding requests like myHostedSite/xyz to my instance of Tomcat (and so not forwarding theirOtherHostedSites/xyz).
2. (My preferred shot-in-the-dark) They introduce a line into their httpd.conf that, for my site, then references another configuration file (on my part of the system), in which I could maintain a list of mappings that Apache should forward to Tomcat.
Otherwise, I guess, I am left to change all refences in my code and pages from /xyz to /servlet/xyz which is ugly and feels like a kludge.
Any hints, tips, help or advice (or even directions to a better place to post this) gratefully received.

For Point 2, surely they are using a Virtual Host for your app on tomcat? this means they should be able to configure ALL requests to Tomcat based on your Virtual Host. Unless of course your using thier host name and utilising only the context path???
The httpd.conf should have something like:<VirtualHost your.domainName.com:80>
    ServerAdmin [email protected]
    DocumentRoot /path/to/your/app
    ServerName your.domainName.org
    ErrorLog /path/to/error/log
    CustomLog /path/to/custom/log
    JkMount /*.jsp worker1 //your worker.properties file
    JkMount /*.html worker1 //your worker.properties file
</VirtualHost>With the DocumentRoot set it should default all your gifs, jpegs etc but route htmls, jsps and servlets through to your tomcat instance as configured with your worker.properties file.
I have to admit, Apache to Tomcat integration can be a nightmare and the Apache httpd.conf file is a monster but the above code should work provided you have yout own domain name.
Regards,
Anthony

JSF url-pattern *.jsf problem

Hi all,
I am working in a project to add the jsf page in the existing jsp application. It uses Apache Tomcat 6.0.18 as the server and eclipse for coding.
I created a jsf page named index.jsp and I added the code in web.xml as follows
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</servlet-mapping>
and when I use the url
http:localhost:8080/myproject/index.jsf
Page did not open in the browser and browser reports page not found.
If I change url-pattern to
<url-pattern>/faces/* </url-pattern>
and
when I use the url
http:localhost:8080/myproject/faces/index.jsp
It works.
What should I want to do to make
http:localhost:8080/myproject/index.jsf to render in the browser?
Edited by: mvg90 on Jul 24, 2009 4:22 AM

BalusC wrote:
I have no idea. Reinstalling the stuff is definately cumbersome. This is likely just a matter of configuration and/or the way of usage. Hard to say based on the as far given little information (read this how to ask questions the smart way and read this how to provide good code examples representing your actual problem).
If you want you can of course redo the setup of the environment and the code based on some reliable tutorial / book.I am sorry if my information is not sufficient. What information can I give to solve the problem?

Wildcards in url-pattern ?

Hi,
Is it possible to map servlets with wildcard url-patterns such as
<url-pattern>/stuff/*</url-pattern>
in the OC4J used in 10gR2?
/stuff/123123?id=foo gives a hit on Tomcat but 404 on OC4J (and the admin console shows the mapping as /stuff).

Hello,
It is working for me without any issue.
Could you please copy the web.xml content that defines the servlet and its mapping?
Also what is the topology of your OracleAS 10gR2,, are you using OHS? or it is OC4J stand alone?
Regards
Tugdual Grall

Different url-patterns for same servlet running in 2 different environments

Hi All,
I have a question about url mappings in my web.xml file and I hope somebody can help. The situation is that I�m putting together a web app using a combination of JSPs and servlets. I can�t develop on the machine that it will be hosted on, so I�m working and testing on my own machine and will transfer to the host machine when finished. However, the host machine is set up to map serlvets to http://�/servlet/MyServlet but the copy of tomcat I have installed locally maps to http://�/MySerlvet. My question is, when I get ready to transfer my application do I have to go through all my code and find serlvet references and insert the �servlet/� path info required by the hosting service, or can I just change the url patterns for the servlet mappings of the web.xml file on the host machine ? In other words:
Local install of Tomcat where servlets are accessed at http://�/MyServlet
<servlet-mapping>
<servlet-name> MyServlet </servlet-name>
<url-pattern>/MyServlet </url-pattern>
</servlet-mapping>
Host machine install of Tomcat where servlets are accessed at http://�/servlet/MyServlet
<servlet-mapping>
<servlet-name> MyServlet </servlet-name>
<url-pattern>/servlet/MyServlet </url-pattern>
</servlet-mapping>
I guess my thinking is that it would be better/easier to have a remote and local version of the web.xml file that reflects the environment each one resides in and have only one codebase rather than 2 codebases and 1 web.xml file. Am I thinking about this in the right way, or have I misunderstood something?
Thanks,
Peter

What you�re suggesting is logical, but won�t that
effect all the other stuff I�ve got running on my
local Tomcat install that expects servlets to be
accessed at http://.../ServletName ?
in web.xml, you decide of your mapping, so you could use the /servlet/ServletName pattern for your application that needs to be remote, and /ServletName for the rest of your stuff. You can even define more than one mapping for a servlet...
In fact, you should probably put your whole application that is going to be on a remote server in it's own context, and to be ahead of dufymo :-) , learn to put it a war file for deployment.

url-pattern syntax

I am trying to deploy a jsp (adf) application to tomcat 5.2 but I am getting errors because of the filter-mapping tags I am using. This is the relevant part of my web.xml file:

<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<servlet-name>jsp</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>LoginCheckFilter</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>

<! NOT OK -->
<filter-mapping>
<filter-name>CheckUnosRole</filter-name>
<url-pattern>admin.do</url-pattern>
</filter-mapping>
<! NOT OK -->
Tomcat complains about the part marked with NOT OK. It says that the url-pattern has syntax error. Mapping the filter to: .do, .jsp or jsp (as in the OK part) works fine. But, I need to map some filters to specific actions, like myAction.do. How am I supposed to do that?
I have deployed the same application to oc4j and there it works fine.

I am trying to deploy a jsp (adf) application to tomcat 5.2 but I am getting errors because of the filter-mapping tags I am using. This is the relevant part of my web.xml file:

<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>ADFBindingFilter</filter-name>
<servlet-name>jsp</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>LoginCheckFilter</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>

<! NOT OK -->
<filter-mapping>
<filter-name>CheckUnosRole</filter-name>
<url-pattern>admin.do</url-pattern>
</filter-mapping>
<! NOT OK -->
Tomcat complains about the part marked with NOT OK. It says that the url-pattern has syntax error. Mapping the filter to: .do, .jsp or jsp (as in the OK part) works fine. But, I need to map some filters to specific actions, like myAction.do. How am I supposed to do that?
I have deployed the same application to oc4j and there it works fine.

Regular expression in url-pattern in web.xml

hi,
could any tell me the is web.xml accepts regexp(except wild card) in it's url-pattern attribute. I want to put regular expression (except wildcard, i know it supports) as [a-zA-Z]+ like in url-pattern in servlet-mapping. I tried this :
<servlet-mapping>
<servlet-name>AppDnldMain</servlet-name>
<url-pattern>/[a-zA-Z]+/?</url-pattern>
</servlet-mapping>
But it dint work.. I dont know whether i processed in right way. Any suggestion are most welcome..

No it does not accept wild card.
Servlet specification section SRV.11.2
In theWeb application deployment descriptor, the following syntax is used to define
mappings:
A string beginning with a / character and ending with a /* suffix is used
for path mapping.
A string beginning with a *. prefix is used as an extension mapping.
A string containing only the / character indicates the "default" servlet of
the application. In this case the servlet path is the request URI minus the context
path and the path info is null.
All other strings are used for exact matches only.
If you want regex matching, you can match all urls to a single servlet, and then use request.getRequestURI and do regex on that in your code.
Cheers,
evnafets

Can you have url pattern with struts action in a directory to security

i want to implement security based on roles and want to use struts action patterns but they dont work
i am trying something like this
<url-pattern>/jsps-one/*.jsp</url-pattern>
<url-pattern>/action-jsps-one/*.do</url-pattern>

Hi,
do you knwo that Struts actions have a Role property ? You can use J2EE roles directly on Struts actions without having to fish for the URL pattern.
Best practices for security in Struts is to place teh JSP files in the WEB-INF directory so they are safe there.
See http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf
Frank

Bug when specifying url-pattern in web.xml

Hi
          I have been using Weblogic 6.0 Beta and managed to specify the following
          security constraint
          <security-constraint>
          <web-resource-collection>
          <web-resource-name>SecurePages</web-resource-name>
          <description>no description</description>
          <url-pattern>/control/signin</url-pattern>
          <url-pattern>/control/refreshUser</url-pattern>
          <url-pattern>/control/updateUser</url-pattern>
          <url-pattern>/control/deleteaddress</url-pattern>
          <url-pattern>/control/updateaddress</url-pattern>
          <url-pattern>/control/refreshcontacts</url-pattern>
          <url-pattern>/control/updatecard</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
          </web-resource-collection>
          </security-constraint>
          This works fine as you would expect. I have upgraded to Weblogic 6.0 Service
          Pack 1 Rolling Patch 1 and the same web.xml file no longer works. When you
          try and start the server Weblogic hangs just after loading the Oracle driver
          that I use.
          The odd behaviour is that if I change the order of the url-pattern elements
          so that the updatecard URL is above the refreshUser URL the server starts!
          (shown below)
          <url-pattern>/control/signin</url-pattern>
          <url-pattern>/control/updatecard</url-pattern>
          <url-pattern>/control/refreshUser</url-pattern>
          <url-pattern>/control/updateUser</url-pattern>
          <url-pattern>/control/deleteaddress</url-pattern>
          <url-pattern>/control/updateaddress</url-pattern>
          <url-pattern>/control/refreshcontacts</url-pattern>
          A deadlock condition appears to occur, a section of the thread dump looks
          like:
          "Reference Handler" daemon prio=10 tid=0x8990b20 nid=0x7dc waiting on
          monitor [0
          x8c0f000..0x8c0fdc4]
          at java.lang.Object.wait(Native Method)
          at java.lang.Object.wait(Object.java:420)
          at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:110)
          "main" prio=5 tid=0x234ce0 nid=0x6cc runnable [0x6e000..0x6fc3c]
          at weblogic.servlet.utils.URLMatchMap.put(URLMatchMap.java:156)
          at
          weblogic.servlet.security.internal.WebAppSecurity.setConstraints(WebA
          ppSecurity.java:77)
          Looking at the weblogic.jar file the URLMatchMap class is a new addition
          over the original Weblogic 6.0. It seems that the put method of the
          URLMatchMap may be going into an infinite loop, dependant on the URLs that
          are being entered. The fact that changing the order of the URLs overcomes
          the bug seems to suggest there may be some coding error in this new class.
          A fix would be great if anyone has one.
          Chris Mein


          Just wondering if anyone ever came up with the solution to the bug with WL 6.0
          sp1, mentioned by Chris, below. Any information on this would be greatly appreciated.
          Tony
          "Chris Mein" <[email protected]> wrote:
          >Hi
          >
          >I have been using Weblogic 6.0 Beta and managed to specify the following
          >security constraint
          >
          ><security-constraint>
          > <web-resource-collection>
          > <web-resource-name>SecurePages</web-resource-name>
          > <description>no description</description>
          > <url-pattern>/control/signin</url-pattern>
          > <url-pattern>/control/refreshUser</url-pattern>
          > <url-pattern>/control/updateUser</url-pattern>
          > <url-pattern>/control/deleteaddress</url-pattern>
          > <url-pattern>/control/updateaddress</url-pattern>
          > <url-pattern>/control/refreshcontacts</url-pattern>
          > <url-pattern>/control/updatecard</url-pattern>
          > <http-method>POST</http-method>
          > <http-method>GET</http-method>
          > </web-resource-collection>
          > </security-constraint>
          >
          >This works fine as you would expect. I have upgraded to Weblogic 6.0
          >Service
          >Pack 1 Rolling Patch 1 and the same web.xml file no longer works. When
          >you
          >try and start the server Weblogic hangs just after loading the Oracle
          >driver
          >that I use.
          >
          >The odd behaviour is that if I change the order of the url-pattern elements
          >so that the updatecard URL is above the refreshUser URL the server starts!
          >(shown below)
          >
          ><url-pattern>/control/signin</url-pattern>
          ><url-pattern>/control/updatecard</url-pattern>
          ><url-pattern>/control/refreshUser</url-pattern>
          ><url-pattern>/control/updateUser</url-pattern>
          ><url-pattern>/control/deleteaddress</url-pattern>
          ><url-pattern>/control/updateaddress</url-pattern>
          ><url-pattern>/control/refreshcontacts</url-pattern>
          >
          >A deadlock condition appears to occur, a section of the thread dump looks
          >like:
          >
          >"Reference Handler" daemon prio=10 tid=0x8990b20 nid=0x7dc waiting on
          >monitor [0
          >x8c0f000..0x8c0fdc4]
          > at java.lang.Object.wait(Native Method)
          > at java.lang.Object.wait(Object.java:420)
          > at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:110)
          >
          >"main" prio=5 tid=0x234ce0 nid=0x6cc runnable [0x6e000..0x6fc3c]
          > at weblogic.servlet.utils.URLMatchMap.put(URLMatchMap.java:156)
          > at
          >weblogic.servlet.security.internal.WebAppSecurity.setConstraints(WebA
          >ppSecurity.java:77)
          >
          >Looking at the weblogic.jar file the URLMatchMap class is a new addition
          >over the original Weblogic 6.0. It seems that the put method of the
          >URLMatchMap may be going into an infinite loop, dependant on the URLs
          >that
          >are being entered. The fact that changing the order of the URLs overcomes
          >the bug seems to suggest there may be some coding error in this new class.
          >
          >A fix would be great if anyone has one.
          >
          >Chris Mein
          >
          >

Invalid URL Pattern exception when deploying ear file

Hi,
I encountered some problem during deploying an ear file into SJSAS PE. This ear file has successfully been deployed into WebLogic Server and works fine.
The error message is as follows:
Deploying application in domain failed; Error loading deployment descriptors for module [wsgServerRel1_0] -- Invalid URL Pattern: [pfk/PfkMainServlet] Error loading deployment descriptors for module [wsgServerRel1_0] -- Invalid URL Pattern: [pfk/PfkMainServlet] The following is the relevant part regarding URL pattern:
     <servlet>
          <servlet-name>PfkMainServlet</servlet-name>
          <servlet-class>com.sns.pfk.servlet.PfkMainServlet</servlet-class>
          <load-on-startup>0</load-on-startup>
     </servlet>
     <servlet-mapping>
          <servlet-name>PfkMainServlet</servlet-name>
          <url-pattern>pfk/PfkMainServlet</url-pattern>
     </servlet-mapping>What else I need to do to make it work?
Regards,
Xinjun

You have an error in your url-pattern. A url-pattern must either begin with a slash ("/") for the exact match or directory match or it could begin an asteric("*") for the extension match(refer to the servlet spec).
In your case it should be something like:
<servlet-mapping>
          <servlet-name>PfkMainServlet</servlet-name>
          <url-pattern>/pfk/PfkMainServlet</url-pattern>
</servlet-mapping>
or
<servlet-mapping>
          <servlet-name>PfkMainServlet</servlet-name>
          <url-pattern>/pfk/*</url-pattern>
</servlet-mapping>

url-pattern working?

Similar Messages

Maybe you are looking for