URL rewriting in Weblogic JSP
[att1.html]
Hi,
I believe that you will have to use encodeURL for any URL in your HTML
output. Actually, I believe that this is something that you should
always do regardless of whether or not you are using URL rewriting
(i.e., it is good programming style)...
Robert
Daniel Wabyick wrote:
>
> Hello,
>
> I have been experimenting with session-tracking via URL rewriting with
> Weblogic.
>
>
> I set the following property to true in my weblogic.properties file
>
> # Enables URL rewriting
> weblogic.httpd.session.URLRewriting.enable=true
>
> ---------
>
> Then, I created a JSP page with a form that submits back to itself.
> Originally, I had specified the form tag as :
> <form action=<%= request.getRequestURI() %> method="post">
> I turned cookies off, but the URL did not get rewritten and the
> session resets every time. Thats bad in my situation.
>
> ---------
>
> So finally I changed the tag to the following :
> <form action=<%= response.encodeURL(request.getRequestURI()) %>
> method="post">
>
> I would think this should happen automatically. Is there any way to
> make this happen as a default so that I don't have to rewrite every
> form action?
>
> Thanks,
>
> Daniel Wabyick
>
> -----------------------
> Server Engineer, Fluid
>
Similar Messages
-
To enable URL rewriting in WebLogic Server 6.0
I deployed a WAP enabled application in Weblogic Server 6.0 in whch i used encodeURL method of the HTTPResponse servlet class which encodes the session ID into the hyper-links on the Web pages that your servlet sends back to the browser.For this we need to set weblogic.httpd.session.URLRewriting.enable to "true" in the weblogic properties.In weblogic 5.0 we set this in the weblogic.properties file.Can any one help how to do this in weblogic 6.0?.
See this link - http://e-docs.bea.com/wls/docs60//adminguide/config_web_app.html#100770
You need to set the URLRewritingEnabled to true in the weblogic.xml deployment descriptor now. -
Plumtree and Weblogic Portal Server | URL rewriting incompatibility
Hi All,
I am using Weblogic Portal as the Producer and Plumtree as the consumer for my WSRP portlets. I have enabled Producer URL rewriting. When i invoke an action URL i get a "Mode is not supported in this portlet." error. The template being passed is <blockingActionTemplate>/wsrpconsumer/pt_action?wsrp-navigationalState={wsrp-navigationalState}&wsrp-interactionState={wsrp-interactionState}&wsrp-mode={wsrp-mode}&wsrp-windowState={wsrp-windowState}</blockingActionTemplate>
and the URL generated is a href="/wsrpconsumer/pt_action?wsrp-navigationalState=&wsrp-interactionState=_action%3D%2FnewAction1&wsrp-mode=&wsrp-windowState="
The same portlet works fine when Consumer URL rewrting is enabled.
Plumtree is giving the same error for the portlets at the consumer at http://sunwsrp.dyndns.org/portal/wsrp/wsdl/default. Any help would be highly appreciated
ThanksHi, I don't have an answer on this but another more basic question. Our agency is using Plumtree Portal v5. I am assigned to develop a remote portlet. According to what I've read on the web as far back as 2003 Plumtree Portal supports WSRP but I'm getting conflicting answers within our agency. This post seems to indicate that the Plumtree Portal can consume WSRP compliant remote portlets. If that is correct, can you point me to documentation/examples? I've found reference to a Plumtree resource called "WSRP Portlet Consumer" for WSRP--does that still exist? Any help would be appreciated.
-
URL Rewriting in JSP/Servlets
Enabling URL rewriting for session support where cookies are switched off, results in the URL being rewritten as myURL/$SessionID$a_very_long_string.
I believe that the /$SessionID$ is configurable on the server, does anyone know how ?
OAS version 4.0.8.1. patched with JSP support.Why is it placing a ';' before jsessionid ? Shouldn't
it be a '&'? The current result is a page not found.Your url looks ok to me. '&' seperates parameters. I'm using the Struts framework to handle those ugly details and it generates urls like this one for me:
http://localhost:8080/JspMini/main.jsp;jsessionid=C2C1C2D9C6106758047127038554C813
Looks like you have another problem...
HTH, Markus -
Weblogic.xml: url-rewriting-enabled false
The following heads my weblogic.xml for a WebLogic 9.2 portal web application:
<wls:session-descriptor>
<wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
</wls:session-descriptor>
<wls:context-root>intranet</wls:context-root>
However, on the first rendering of a session, the URLs still contain the jsessionid=... session identifier.
Is this not the correct setting to disable jsessionid injection? Or just BEA 9.2 bug #2983849299?Hi,
This is the console, or your app you are talking about? This is the correct parameter to avoid jsessionid injection, but just for your app, not for the admin console. If this is you app, I found it somehow weird that the sessionid is placed in the URL, if this is the console, I do not know if there is a way to avoid it :-(
Regards,
LG -
Sessions, URL Rewriting, and Cookies
First some background, then some questions:
BACKGROUND
I have written an application framework to use with JSP/EJB/Servlet
based applications. This framework does URL rewriting
(response.encodeUrl) for all URLs generated by the application, and I
have URL-based session support turned on in WebLogic.
Despite the fact that my browser is set to support cookies on my test
machines, I have noticed that intermittently the URL rewriting to
support session IDs kicks in. Then, later, it goes away again. This
would seem to indicate that the client browsers are (for no apparent
reason) deciding to occasionally not support sessions with cookies, so
that the server has to step in and do URL writing instead.
QUESTIONS
1. Has this sort of behavior been reported by anyone else?
2. Is there a servlet/JSP API anywhere that I can call on a per-HTTP
transaction basis to see if the browser that is participating in the
transaction is at that moment supporting cookies?
3. There are times when my framework needs to delete a cookie by setting
its maxAge to 0. Most of time time this works, but (as with the session
ID/URL rewriting above) occasionall the cookie does not get deleted on
the client brower machine. This screws up some of the application logic
that I have in the framework. Is this related to the problems listed
above?
CONCLUSION
Any and all information is appreciated, from anyone. Thanks!
Chris
Hi,
To answer your question #1, yes I have seen this behaviour, and
the explanation I feel is as follows.
1] You access a resource on WL Server & it starts a session, at
this moment it is not sure whether the browser supports cookies
so it uses both methods, URL Writing & cookies to store the session
ID
2] On the next request, it tries to read the cookie, if it is able
to read it that means cookies are enabled and there is no need
to continue with URL Rewriting else it continues wioth URLRewriting.
To answer Question #2, you can follow a procedure similiar to above
to find out if browser supports cookies, ie set a cookie & in the
next request try to read teh value.
As far as Question #3 is concerned, try setting the magAge to -12
hours insteda of 0 so that there is no problem even in case of
a time difference.
hope this helps
Rahul
Chris Dole <[email protected]> wrote:
>First some background, then some questions:
>
>BACKGROUND
>I have written an application framework to use with JSP/EJB/Servlet
>based applications. This framework does URL rewriting
>(response.encodeUrl) for all URLs generated by the application,
>and I
>have URL-based session support turned on in WebLogic.
>
>Despite the fact that my browser is set to support cookies
>on my test
>machines, I have noticed that intermittently the URL rewriting
>to
>support session IDs kicks in. Then, later, it goes away
>again. This
>would seem to indicate that the client browsers are (for
>no apparent
>reason) deciding to occasionally not support sessions
>with cookies, so
>that the server has to step in and do URL writing instead.
>
>QUESTIONS
>1. Has this sort of behavior been reported by anyone else?
>
>2. Is there a servlet/JSP API anywhere that I can call
>on a per-HTTP
>transaction basis to see if the browser that is participating
>in the
>transaction is at that moment supporting cookies?
>
>3. There are times when my framework needs to delete a
>cookie by setting
>its maxAge to 0. Most of time time this works, but (as
>with the session
>ID/URL rewriting above) occasionall the cookie does not
>get deleted on
>the client brower machine. This screws up some of the
>application logic
>that I have in the framework. Is this related to the problems
>listed
>above?
>
>CONCLUSION
>Any and all information is appreciated, from anyone. Thanks!
>
>Chris
>
-
URL-Rewriting or append query string in URL
Hi
I have one other quetion related to my project I am working and need to finish tonight.
I read one table in first JSP and want to send one column, eventname to the other JSP. Can I use URL-rewriting. I need to keep the event name thruoghout too.
Is this syntax correct..
Please help me !!!Syntax is:
<a href="ListEvents.jsp?event=eventname">Click me</a>In the JSP, there are two things you may need to do when generating the link.
1. Encode the URL - this is needed if any arguments (in this case "eventname") might include spaces or special characters.
2. Apply URL rewriting info if this may be needed. This will add "&JSESSIONID=xxxxx" if required.
<%
String link = "ListEvents.jsp?event=" + getEventName(); // or whatever gets the event name
link = java.util.URLEncode.encode(s,"UTF-8"); // encode the event name data
link = response.encodeURL(link); // add the session id if URL rewriting in use
%>
<a href="<%=link%>">Click Me</a>The event name is retrieved using request.getParameter("event") -
Hello all,
I am having a url rewriting issue where the first time someone accesses the website with a browser that has cookies enabled my jsp pages will still encode all of the URL's with the jsessionid. Which I believe should not happen unless cookies are disabled.
Why is this occuring?
Once the user goes to another page in the site or the second time they bring up the site in the same browser the jsessionid is not written to the URL links. This only happens on first access.
I am using Tomcat 5.5
response.encodeURL() to encode the links
Is this a container or programming error?
Thank you all very much for your time in reading this!Ok, thank you.
Based on this: http://www.sciabarra.com/fatwire/2011/04/17/improving-the-firstsiteii-url-assembler/
I think my approach would work if I remove the Asset API stuff from here and put them into a helper class, which would be then called from the wrapper JSP.
I'd rather not install 3rd-party extensions just for url rewriting, at least not yet... -
Hi all,
I am using weblogic as the producer and plumtree as the consumer. I have configured for ConsumerURL rewriting by specifying it in the wsrp-producer-config.xml, but the soap request for the getMarkUp to weblogic is still containing the Template URLs. How can i prevent the template URLs being passed. Any help would be appreciatedHello Jonathan,
I believe consumer-side URL rewriting happens after the GetMarkupInterceptor.postInvoke() call is made.
Kevin -
Always use URL Rewriting for session tracking?
All you JSP guru:
I am working on a JSP project that requires session tracking. I have successfully implements session tracking with both cookies or URL rewriting. I know that with the HttpSession object, it will always try to use cookie first, if that's disabled, then it'll automatically switch to URL rewriting. However, is there a way to force the HttpSession object to ALWAYS use URL rewriting instead of cookies? I have searched for an answer for a long time and haven't been able to found a solution. Is it possible at all? Thank you very much.i was going to say that WebSphere always uses URL rewriting if you enable it at all, but someone beat me to it (indirectly) :-)
however, that seemed to me to be a violation of the spec, which seemed to imply the behaviour you're describing (only use URL rewriting if cookies are not supported on the current client)
here's a response someone else made on a websphere newsgroup to a statement in that regard:
I believe you are technically correct. However from my
experience, I think the spec if flawed in this area since
there is no reliable way of determining whether the
client browser supports cookies. The authority on
cookies (www.cookiecentral.com) says:
"To properly detect if a cookie is being accepted via
the server, the cookie needs to be set on one HTTP
request and read back in another. This cannot be
accomplished within 1 request."
This is asking too much of a servlet engine
implementation. Even if it did submit a request for this
purpose, the user could refuse the cookie. So
then technically the browser supports cookies, but the
servlet engine infers it doesn't. So if the servlet engine
infers the browser does not support cookies and so
encodes the URL, it is again out of spec because the
browser really does support cookies. By doing it
however encoding is configured makes things simpler,
robust, consistent and avoids the flaw.
My opinion.so, mostly i'm just rambling, but if you're using websphere, you should get the behaviour your boss wants. if you're using something else, i suppose there's a chance it'll "violate" the spec in this same, potentially helpful way.
btw, i remember somebody else complaining that URL rewriting is less secure than cookies, but i kinda think they're about equal. it seems like either could be intercepted by a sniffer and then used to spoof. but i'm no expert in that stuff... -
Does URL rewriting in JBuilder4 work?
I am writing a shopping cart application.
To keep track of the products the user has chosen I am using a URL rewriting code that appends the product details to the URL and then requests the same page again.
<a href="<%= response.encodeURL(shopproducts.jsp?title="+title+"&item_id="+item_id+"&price="+price) %">">
In this page there is a response that will add the chosen product to the shopping cart using a piece of JSP code.
<% String title = request.getParameter("title");
In JBuilder4 when I click on the request code I get an error.
Unable to open location: Could not connect to: http://localhost:8080/myproject/easyshop/shopproducts.jsp;jsessionid=To1010mC02444678198891448At?title=Java 2&item_id=1&price=10
Is this because JBuilder dosent know how to keep track of the session ID?
If so how can I get round this or if not is there a better way to keep track of the items?
thanks.</a>Take a look at UrlRewriteFilter for URL Rewriting.
This particular URL http://localhost:8080/myproject/easyshop/shopproducts.jsp;jsessionid=To1010mC02444678198891448At?title=Java 2&item_id=1&price=10
has ;jsessionid=.............. after shoppingproducts.jsp
But a valid URL looks something like this
somepage.jsp?someValue=123&anotherValue=456
So having that semicolon instead of a question mark immediately after the .jsp , might be what's causing the error.
If you have doubts , try to access the page by putting the entire URL
http://localhost:8080/myproject/easyshop/shopproducts.jsp;jsessionid=To1010mC02444678198891448At?title=Java 2&item_id=1&price=10
into your browser.
If your browser can't connect then, what ever you are using to connect to that URL can't connect either.
Then remove the semicolon and jessionid part, and try to connect and see if it works. -
URL Rewriting Session ID Length in iPlanet Application Server
Hi there,
Does anyone know what the maximum length of the session ID value is when
using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
appended to the end of the URL) with iPlanet Application Server 6.0's
servlet container (or any previous versions)?
Does the length vary or is it fixed? And does WebSphere encode server or
failover information into the ID? WebLogic for instance, encodes the
primary and secondary failover servers into the ID when running in a
cluster)?
And finally, is there any way to restrict or specify the maximum length of
the session ID?
I ask this due to a limitation with some WAP clients & gateways which
prevents the URL from exceeding 128 characters.
Any info on this issue from iPlanet staff or anyone else is much
appreciated.
<background-info>
Please see the following links if you'd like some additional background:
http://e-docs.bea.com/wls/docs60/////wap/wapdev.html#1024984
under the heading "Session Tracking" at the bottom
http://groups.google.com/groups?hl=en&safe=off&th=eb7f38aa5086972e,13&seekm=
8gaki8%247d5%241%40newsgroups.bea.com#p
</background-info>
Regards,
Sasha HaghaniSasha Haghani wrote:
Hi there,
Does anyone know what the maximum length of the session ID value is when
using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
appended to the end of the URL) with iPlanet Application Server 6.0's
servlet container (or any previous versions)?
I'm fairly certain that it is fixed. 18 for the attibute, 16 for the value, plus
1 for the equals. (Plus 1 for the ? if it didn't already exist.)
So 35 or 36 depending on how you count it. Someone needs to verify this and
check my counting though.
>
Does the length vary or is it fixed? And does WebSphere encode server or
failover information into the ID? WebLogic for instance, encodes the
primary and secondary failover servers into the ID when running in a
cluster)?I don't know what WebSphere does. iAS does not encode failover information in
the ID. Because of the way session is propogated, no server information needs to
be embedded in the id.
>
And finally, is there any way to restrict or specify the maximum length of
the session ID?No. -
J2EE: Explanation of URL rewriting?
Hi there fellow forumites,
I'm reading up on the implicit object Session in regards to JSP. Session state is usually done by maintaining a cookie that is sent to the client. If clients have cookies disabled, the Session object falls back on a method called "URL rewriting" to maintain state across many request/response calls. I've googled for this and searched the forums, but the web results are deeply technical and seem specific to ASP.NET and Apache modules and I've found nothing satisfactory in forum posts that explain it.
Can someone give a short description on how this "URL rewriting" works and why I need to rewrite any embedded URLs with the appropriate Response object methods?
Is it encoded in the HTTP header like parameters or something?
Thanks all.i can't answer that, i've never actually written
anything with j2ee. if you mean will they
automatically append to any url you write (with
Response.Write (or similar))? I doubt it. you
probably have to do it yourself, or call some
"WriteURL" function.Thats the methods of the Response object I was referring to (encodeURL(String)). Sorry, I didn't realise you'd not done any J2EE, so I was rabbiting on and assuming that you knew what I was on about :) I think I've answered my own question on that with your help, so thanks again. -
I've noticed some functional changes between SJSAS 8 Update 1 and SJSAS 8 2004Q4 Beta regarding use of URL rewriting in webapps.
Our servlet explicitly disables cookies in preference for URL rewriting. In SJSAS8-Update1, as for every other app server we've used (SJSAS 7 2004Q2, S17AS, Weblogic 8, Jboss), this works fine. But in the 2004Q4 beta release, URL rewriting doesn't work in Mozilla. IE works as per usual - inserting the relevant jsessionid's in the address bar.
Consequently when the browser attempts to hit the servlet for the second time - it has no jsessionid, and the servlet doesn't recognize the session.
As I said, this isn't a problem with any other release of the product; it seems to have been introduced in this most recent 2004Q4 beta of S1JSAS 8.
Anyone else noticed this or have any suggestions?More specifically, the problem appears to exist -only- in Firefox (not Mozilla in general).
Using LiveHTTPHeaders, its clear that Firefox 1.0 is setting the jsessionid identifier as a cookie, as opposed to URL rewriting. The other parameters are correctly passed using URL rewriting.
Thus Mozilla is sending a URL without the jsessionid and the appserv web container cannot locate the session.
We've set our sun-web.xml file to disable cookies explicitly using "enableCookies=false". However, Sun Appserv 8.1 2004Q4 BETA sends back a cookie to Firefox's request - even though the webapp has disabled it...
Very frustrating!! Any help/suggestions would be gladly appreciated! -
Apache Url rewrite for portal URLs
Hi,
I have a requirement where i need to write simple URL's for the default portal uRL's
for example
inspite of using default url like "http://myserver:port/portal/server.pt/community/abc_xyz/123/efg_jkl/12345",
if user uses
"http://myserver:port/portal/server.pt/xyz"
It should navigate to same default URL.
Can somebody let me know how this can be achieved.
I know Url rewriting is done through Apache Url rewrites but do not have an idea how apache does it with portal Url's. What configurations need to be done in order to manage portal Url's with apache rewrites.
Thanks
AjayHi Ryan,
Thanks for the reply. The link shows how to write the Rewrite rules in apache. I am familier with that. The actual problem is that how can the portal Url's be controlled by apache rewrites. My apache and weblogic are both on the same server instance but after writing the rewrite in httpd.conf file. It does not work out. Just want to know how can i tell apache to handle my portal Url's too.
Is there any specific entry that we need to make for doing this.
Thanks
Ajay
Maybe you are looking for
-
Copy user fields between PRq and PO.
Hello. I have little problem. I prepare new user field in Purchase Requisition called for example ZFIELD it is displayed and save into table EBAN by user exit MEREQ001. Now I want to copy this field to Purchase Order when I create PO with reference t
-
Hi I been a hunting for a solution to my problem for a while now and am desperate to find out why it's happening and how to fix it When I apply a brushstroke with my brushtool, No stroke displays itself in Realtime until I end the stroke. And the oth
-
Hello We have 2 seperate ledgers maintained for Leading ledger & Budget rate. (New GL) I am aware that 0FI_GL_14 will extract all line item from leading ledger only. Which Datasource should we use for Budget Rate? SAP suggests that we should use 3FI_
-
Server too busy, cannot force server shutdown
Hi! I am running WLS6.1 SP2 on W2K SP2, with Cloudscape 4.0. I am unable to access the console (after waiting a couple minutes) nor to force a server shutdown through the command line, which results in the following exception: Failed to connect to t3
-
If you are dealing with an unpaid L&I Bill
I'm not sure this will help many, but I remember looking around this forum for related topics and couldn't find any, so I'll put this here on the off chance someone ends up in the same boat. *I am not an lawyer, I have no legal education whatsoever,