Re: Changing url rewriting behaviour (';jsessionid')
You can use http://tuckey.org/urlrewrite/ to do your rewriting. Lots of people on the list recommend it. On Jun 29, 2009, at 3:16 PM, Daniel Henrique Alves Lima wrote: Hi, everybody. First of all: I'm sorry for my poor English. Is it possible to change url rewriting schema to use a different path separator (instead of ';') or even to use a request parameter (instead of a path append) ? The problem: - I'm using OpenOffice API to convert (on the fly) some html pages from our webapp; - I need to convert resources from protected paths; - OpenOffice don't support cookies so i must use url rewriting, BUT OpenOffice does not seem to like the appended path ';sessionid'. I cannot use a simple servlet filter because Tomcat is doing authentication/authorization (declarative security). Can i implement a Valve to change request path (from a request parameter to ;jsessionid) before authentication/authorization is performed ? Can this Valve change paths inside redirect headers and html bodies ? Is there any other way (simpler) of doing this communication between OpenOffice and Tomcat works ? The thread in ooffice forum: http://www.oooforum.org/forum/viewtopic.phtml?t=85789 Thanks in advance ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel,
On 6/29/2009 3:16 PM, Daniel Henrique Alves Lima wrote:
Hi, everybody. First of all: I'm sorry for my poor English.
Your English is quite good!
Is it possible to change url rewriting schema to use a different path
separator (instead of ';') or even to use a request parameter (instead
of a path append) ?
Are you trying to change the URLs that are emitted in the HTML your
application generates?
The problem:
- I'm using OpenOffice API to convert (on the fly) some html pages from
our webapp;
- I need to convert resources from protected paths;
- OpenOffice don't support cookies so i must use url rewriting, BUT
OpenOffice does not seem to like the appended path ';sessionid'.
So, you have written a simple client to:
1. Download a page
2. Convert that page
3. Follow links and go back to step #1
??
If yes, then you will have to capture the session id somehow, so you can
send it back to the server when you request additional pages. Without
cookies or the ;jsessionid parameter, how will you know what the session
id is?
I cannot use a simple servlet filter because Tomcat is doing
authentication/authorization (declarative security).
If you are just trying to remove the ;jsessionid=... from the URL,
then the use of authentication is not relevant /after/ the login page is
shown.
Can i implement a Valve to change request path (from a request
parameter to ;jsessionid) before authentication/authorization is
performed ?
I don't think you want to change the /incoming/ request, do you?
Can this Valve change paths inside redirect headers and html
bodies ? Is there any other way (simpler) of doing this communication
between OpenOffice and Tomcat works ?
Okay, so it sounds like you want to either remove or change the way that
the session id is encoded in URLs. This can be done by overriding the
response's encodeURL and encodeRedirectURL methods using a filter:
public class JSessionIdParameterMungingFilter
implements javas.servlet.Filter
{
public void doFilter(ServletRequest req,
ServletResponse rsp,
FilterChain chain)
{
if(shouldWrap(req)
rsp instanceof HttpServletResponse
((HttpServletRequest)req).isRequestedSessionIdFromCookie())
rsp = new ResponseWrapper((HttpServletRequest)req,
(HttpServletResponse)rsp);
chain.doFilter(req, rsp);
}
public boolean shouldWrap(ServletRequest req)
{
// Here is where you decide if you want to turn on this
// jsessionid munging. I have chosen to use a URL parameter
// munge_jsessionid as a trigger
return
true.equalsIgnoreCase(request.getParameter(munge_jsessionid));
}
static class ResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper
{
private HttpServletRequest _request;
public ResponseWrapper(HttpServletRequest req,
HttpServletResponse rsp)
{
super(rsp);
_request = req;
}
public String encodeURL(String url)
{
if(url.contains(?))
url += jsessionid= + _request.getSessionId();
else
url += ?jsessionid= + _request.getSessionId();
return url;
}
}
}
I haven't even checked to see if this filter compiles, but the concept
is pretty clear: you change the way the jsessionid parameter is encoded
from using a ; to using ? or .
The thread in ooffice forum:
http://www.oooforum.org/forum/viewtopic.phtml?t=85789
The user Villeroy on this thread is correct when he announces his own
ignorance: ';' is a perfectly acceptable parameter delimiter for a URL.
This is a bug in the URL-handling library for OOo. Can you use
HttpURLConnection directly? I do not believe it has this limitation.
Can you post the code you have written using the OOo API? Is there any
particular reason you are using OOo instead of plain-old Java?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpJIM0ACgkQ9CaO5/Lv0PC+VACfXTVWWcuI+YQghiW2KAbGLxFS
awkAnA9UKdzMWxRLh4kDbIAxyvQvwLgX
=/oIx
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Mon, 2009-06-29 at 16:15 -0400, Christopher Schultz wrote: Hi, Chris ! Are you trying to change the URLs that are emitted in the HTML your application generates? Yes and no. Declarative security will only work if tomcat recognizes jsession id (either coming encoded in requested URL or set in JSESSIONID cookie). Without cookie support, authentication mechanism will be called for every request (one for the html/jsp page and many others for the referenced resources like images, js scripts and etc). If i only change URLs generated by our webapp (for instance from '/index.jsp;jsessionid=ABC' to '/index.jspjsessionid='ABC'), i THINK that ooffice will successfully send requests to Tomcat, but the container will can't infer jsession id and it will redirect to login page. So, you have written a simple client to: 1. Download a page 2. Convert that page 3. Follow links and go back to step #1 OOffice do the work. I just need to call load document :-) ?? If yes, then you will have to capture the session id somehow, so you can send it back to the server when you request additional pages. Without cookies or the ;jsessionid parameter, how will you know what the session id is? It's a feature to convert html reports to pdf: 1. Authenticated user fill a form and click a button; 2. On the server side, we - Capture session id using HttpSession.getId(); - Execute load document (ooffice) using url with encoded jsessionid (for instance, http://localhost:8080/path/generate_report;jsessionid=ABC?a=12b=1 ) - Execute export document to pdf (ooffice); - Close document (oofice); - Change the response content type to pdf and copy bytes from local file to response file. There are some cache mechanisms of course ;-). If you are just trying to remove the ;jsessionid=... from the URL, then the use of authentication is not relevant /after/ the login page is shown. I cannot expect the login page or ooffice will render the login page instead of the report page. I don't think you want to change the /incoming/ request, do you? Yes, i want :-) Take a look at this access log from tomcat: [29/Jun/2009:17:49:02 -0300] /path/index.jsp 200 2E9DE25E06EFEF475619B60647249809 GET /path/index.jsp HTTP/1.0 [29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 200 - OPTIONS /path/index.jsp%3Bjsessionid=ABC HTTP/1.1 [29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 404 - GET /path/index.jsp%3Bjsessionid=ABC HTTP/1.1 The first line is a successfully wget. The other two lines are unsuccessfully ooffice. It seems that ooffice is escaping the requested path :-( I was thinking in a Valve to receive a 'jsessionid=' and change to ';jsessionid=' before the processing of authentication/authorization mechanism. But i don't know if this is possible. I'll have to fix redirect response headers or... Okay, so it sounds like you want to either remove or change the way that the session id is encoded in URLs. This can be done by overriding the response's encodeURL and encodeRedirectURL methods using a filter: This is another part of the job: Generated URLs will use 'jsession' sintax instead of ';jsession' so they can make ooffice happy ;-) The user Villeroy on this thread is correct when he announces his own ignorance: ';' is a perfectly acceptable parameter delimiter for a URL. This is a bug in the URL-handling library for OOo. Can you use HttpURLConnection directly? I do not believe it has this limitation. I need ooffice to convert the reports. Thanks in advance ! -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
I've some few alternatives: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. I was just wondering if was easier to modify/specialize tomcat behavior than my previous alternatives. On Mon, 2009-06-29 at 19:24 -0300, Daniel Henrique Alves Lima wrote: Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? Ok then, let me suggest maybe another architecture, a bit different, but where you might not have that problem. I will just propose the general outline. 7) the PDF button on the page, points to the same URL as the one by which the page was retrieved, plus an additional query parameter. For example : http://the original page URL...?p1=v1p2=v2fmt=PDF. (You could even generate that on-the-fly using some javascript) 8) you create a servlet filter around your webapp. This servlet filter, on the way in, picks up the additional parameter. If it is not there, it does nothing and the request is processed as usual, giving a html result page. If the additional parameter is there, the filter sets a flag (for example, request.setAttribute(x)) 9) the request is processed as normally by your webapp, generating the html response 10) on the way out, the filter intercepts the response. If the flag is not set, it does nothing and lets the html response through. If the flag is set, it does something totally different. 11) the filter captures the html output, and writes it to a local temporary file. Then it calls OOo /on this file/, and asks for a PDF version. Then it picks up the PDF version, and returns this as a response, instead of the original. (and deletes the temporary files). This way, OOo never has to deal with a URL, and thus also not with the jsessionid. You may want to have a look at this : http://code.google.com/p/jodconverter/ (I use that one in another context - not Tomcat - and it works fine) You may also have a look at htmldoc, as an alternative to OOo to generate PDF from html. M. I'm thinking of a problem : if your pages contains links to embedded objects (like images etc..). In that case it may be better if your PDF button points to another webapp, passing the original URL as a parameter. This webapp would use wget to retrieve the original page and its embedded content, rewriting the embedded URLs appropriately (it can do that), and then call OOo on the html file. One other issue bothers me a bit in all this : surely, you are not going to load OOo for each request, just to process one response page. So you will have to start OOo in server mode, and talk to it through it's UNO interface. But how does it handle multiple concurrent requests ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: I've some few alternatives: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; Or use a httpd front-end.. 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. This only works if the pages are not specific to the client user who logs in. It would not work if the page is Show my current bonus. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Tue, 2009-06-30 at 00:52 +0200, André Warnier wrote: Hi, Andre ! 11) the filter captures the html output, and writes it to a local temporary file. Then it calls OOo /on this file/, and asks for a PDF version. Then it picks up the PDF version, and returns this as a response, instead of the original. (and deletes the temporary files). I've used this approach once. But at that time, we only need the html source. Now i need the html source and all the referenced resources (images, csss, jss and another servlets/jsps). You may want to have a look at this : http://code.google.com/p/jodconverter/ (I use that one in another context - not Tomcat - and it works fine) I'll look. Thanks. You may also have a look at htmldoc, as an alternative to OOo to generate PDF from html. M. I'm thinking of a problem : if your pages contains links to embedded objects (like images etc..). Yes, that is the problem. In that case it may be better if your PDF button points to another webapp, passing the original URL as a parameter. This webapp would use wget I could use wget directly from a non protected servlet. But i'll prefer a java crawler (is there any port of wget to Java ?) because other developers use Microsoft Windows :-( One other issue bothers me a bit in all this : surely, you are not going to load OOo for each request, just to process one response page. So you will have to start OOo in server mode, and talk to it through it's UNO interface. But how does it handle multiple concurrent requests ? It doesn't. You have two alternatives: 1. Init just once oo server and serialize the access to it (throw a linked list of task or something like that); 2. Init a pool of oo servers (each one in a different port) and run each task in a different server. We already use oo in another part of our application and it works fine. The ideal, i think, is avoid to perform a lot of transformations online and cache generated files as much as possible. Thanks ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Tue, 2009-06-30 at 01:02 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; Or use a httpd front-end.. Yes. But i don't need this request-response magic all the time. I just need this to make oo happy :-) 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. This only works if the pages are not specific to the client user who logs in. It would not work if the page is Show my current bonus. But i'll invoke the crawler specifying ';jsessionid='. With this, it will execute as the source client. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima email_danie...@yahoo.com.br wrote in message
news:1246314288.10803.6.ca...@magnaopus.no-ip.biz...
Yes !
Now imagine my frustration with ooffice escaping a ';' :-(
Browser, wget and other applications seems to work ok with URL encoded
jsessionid.
The custom valve isn't that complicated (but of course, it ties you to
Tomcat, and may need to be updated when you change from major releases). It
would probably look something like:
public class MySessionValve extends ValveBase {
public void invoke(Request request, Response response)
throws IOException, ServletException {
String sessionID = getSessionId(request);
if(sessionID != null) {
request.setRequestedSessionId(sessionID);
}
getNext().invoke(request, response);
}
private String getSessionId(Request request) {
// Logic to extract the sessionID from the request here
}
}
On all supported versions of Tomcat, this will be invoked before
authentication (or at least if you don't make major changes to the
configuration).
If this was my project, I'd probably take the big one-time pain of creating
a Tag to decide how to encode links (based on user-agent or otherwise) and
change all my pages to use it. Otherwise, a Filter that wraps the response
and overrides getWriter is probably easier than trying to wrap the TC
internal Response.
On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote:
Daniel Henrique Alves Lima wrote:
...
Hi.
If I understand what you are trying to do :
1) a client enters your application, authenticates, navigates, and
displays a result html page.
2) on this page, is a button that says get this page as PDF
3) the client clicks on that button, and is supposed to receive the same
page, but this time as a PDF.
4) At the server side, you want to use OOo to create the PDF version
from the html page
5) and OOo is capable, given a URL, to retrieve this page, and then
given appropriate commands, to return a PDF version of the page.
6) But OOo has trouble with the jsessionid part of the URL, although
it needs it in order to retrieve the page on behalf of the client.
Right ?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
If there must be trouble, let it be in my day,
that my child may have peace.
Thomas Paine
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
First of all: Thanks (Christopher, Andre, Bill and everybody) !
The complete solution is compound of 3 parts:
1. The Valve to process jsessionid (just a piece of the source code)
if (!request.isRequestedSessionIdFromCookie()) {
String jsessionid = request.getParameter(jsessionid);
if (jsessionid != null
request.getRequestedSessionId() == null) {
request.setRequestedSessionId(jsessionid);
request.setRequestedSessionURL(true);
}
}
Valve nextValve = getNext();
if (nextValve != null) {
nextValve.invoke(request, response);
}
I've configured this Valve in Tomcat specific webapp deployment
descriptor (context.xml)
2. The Servlet Filter to overwrite URL encoding (just a piece)
HttpServletRequest request = (HttpServletRequest) aRequest;
String jsessionid = request.getParameter(jsessionid);
String sessionId = request.getRequestedSessionId();
if (request.isRequestedSessionIdFromURL() jsessionid != null
jsessionid.equals(sessionId)) {
aResponse = new HttpServletResponseWrapper((HttpServletResponse)
aResponse) {
@Override
public String encodeRedirectURL(String url) {
return this.encodeURLImpl(super.encodeRedirectURL(url));
}
private String encodeURLImpl(String url) {
StringBuilder newURL = new StringBuilder(url);
final String searchString = ;jsessionid=;
int i = newURL.indexOf(searchString);
if (i = 0) {
int j = newURL.indexOf(?, i);
newURL.replace(i, i + 1, ?);
if (j = 0) {
newURL.replace(j, j + 1, );
}
}
return newURL.toString();
}
3. Tag libraries to handle url encoding properly
This was the easy part. We're using the grandpa of all Java web MVC
frameworks: Struts 1.x :-)
So i've just used 'html:' tags and the magic is done !
Now OO is happy and i (really) need to sleep.
Thanks !
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
