Any update on this Chris Schultz or anyone else?  I know the images I added to 
the email didn't show up, so if you want me to email them directly to you, I 
can.
Could really do with help on this, as it is not something I know much about.

Thanks
Seema

> From: seema...@hotmail.com
> To: users@tomcat.apache.org
> Subject: RE: HttpServletRequest Tomcat 5.5.29 to 7.0.52
> Date: Fri, 14 Mar 2014 15:15:04 +0000
> 
> 
> 
> > Date: Fri, 14 Mar 2014 08:36:08 -0400
> > From: ch...@christopherschultz.net
> > To: users@tomcat.apache.org
> > Subject: Re: HttpServletRequest Tomcat 5.5.29 to 7.0.52
> > 
> > Seema,
> > 
> > On 3/14/14, 7:53 AM, Seema Patel wrote:
> > > I have upgraded my tomcat (5.5.29 to 7.0.52) and Java (1.5 to 1.7)
> > >  for my struts servlet jsp application. I have also removed all
> > > JCIFS authentication from the WEB-INF/web.xml file and have tried
> > > to do BASIC authentication through Tomcat and the AD (it
> > > authenticates me, but not sure if I've missed anything out, as I've
> > > never done this before).
> > 
> > One question at a time, please ;)
> 
> Sorry for the off-loading of multiple questions :-)
> 
> > 
> > > I have a doFilter function in my code, which contains 
> > > httpServletRequest.getServletPath() call. In the Tomcat 5.5.29 Java
> > > 1.5 version, this will work, as when I print 
> > > httpServletRequest.getServletPath() I get the following:
> > > 
> > > P1_00.do P5_0_0.do P5_0_1.do
> > > 
> > > But in Tomcat 7.0.52 Java 1.7 I get the following from 
> > > httpServletRequest.getServletPath() call:
> > > 
> > > P1_00.do P5_0_0.do P5_0_1.do includes/tab_defaultsettings.jsp 
> > > includes/P1_00.do
> > 
> > How are you printing this? Do you just have a Filter that wraps
> > everything and dumps-out the ServletPath for every request? Can you
> > post the code for that Filter as well as the <filter> and
> > <filter-mapping> configuration you have in web.xml?
> > 
> 
> I'm just doing a System.out.println() in the doFilter function in the 
> RequestFilter class to show which page it is.  The doFilter function is:
> 
> 
>     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
>             throws IOException, ServletException {
>         if (request instanceof HttpServletRequest) {
>             final HttpServletRequest httpRequest = (HttpServletRequest)request;
>             final Object userBeanObject = httpRequest.getSession().getAttribute(GenConstants.LOGGED_IN_USER_BEAN);
>             final String pageName = httpRequest.getServletPath().replaceAll("/","");
>             System.out.println("Request Page = " + httpRequest.getServletPath());
>             if (unsecuredPages.contains(pageName)) {
>                 // don't need any protection
>                 chain.doFilter(request, response);
>             } else if (!(userBeanObject instanceof UserBean)) {
>                 // no user bean in session do need one, invalidate session and redirect to login
>                 if (httpRequest.getSession(false) != null) {
>                     httpRequest.getSession().invalidate();
>                 }
>                 ((HttpServletResponse)response).sendRedirect(logonPage);
>             } else {
>                 final UserBean user = (UserBean) userBeanObject;
>                 Map<String,LogicalOperation> permissions =
>                         (Map<String,LogicalOperation>)context.getAttribute(GenConstants.PERMISSIONS_MAP);
>                 if(permissions == null) {
>                     PermissionsUtil.setupPermissions(context);
>                     permissions = (Map<String,LogicalOperation>)context.getAttribute(GenConstants.PERMISSIONS_MAP);
>                 }
>                 final LogicalOperation requiredOp = permissions.get(pageName.replaceAll("\\.do",""));
>                 if (user.isOperationAllowed(requiredOp)) {
>                     chain.doFilter(request, response);
>                 } else {
>                     if (httpRequest.getSession(false) != null) {
>                         httpRequest.getSession().invalidate();
>                     }
>                     ((HttpServletResponse)response).sendRedirect(logonPage);
>                 }
>             }
>         }
>     }
> 
> To give you a better idea of what was in the web.xml, here is what's been 
> taken out:
> 
> <filter>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>           <init-param>
>             <param-name>jcifs.smb.client.soTimeout</param-name>
>             <param-value>30000</param-value>
>         </init-param>
>       
>  <!-- always needed for preauthentication / SMB signatures -->
>        <init-param>
>             <param-name>jcifs.smb.client.domain</param-name>
>             <param-value>XXX.LOCAL</param-value>
>         </init-param>
>       <!-- SMB message signing requires a valid existing login -->
>         <init-param>
>             <param-name>jcifs.smb.client.username</param-name>
>             <param-value>username</param-value>
>         </init-param>
>         <init-param>
>             <param-name>jcifs.smb.client.password</param-name>
>             <param-value>password</param-value>
>         </init-param>
>         <!-- Set the logging level -->
>         <init-param>
>             <param-name>jcifs.util.loglevel</param-name>
>             <param-value>2</param-value>
>         </init-param>
>         <!--  allow non-IE browsers to use basic auth -->
>         <init-param>
>             <param-name>jcifs.http.insecureBasic</param-name>
>             <param-value>true</param-value>
>         </init-param>
>     </filter>
> 
> <filter-mapping>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <url-pattern>*.do</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <url-pattern>*.jsp</url-pattern>
>     </filter-mapping>
> 
> Here is what is still in the web.xml file (pre-upgrade and now):
> 
> <filter>
>         <filter-name>ADGroupFilter</filter-name>
>         <filter-class>com.xxx.xxx.ADGroupFilter</filter-class>
>         <init-param>
>             <param-name>AllowedGroups</param-name>
>             <param-value>G-xxx1,G-PORTAL-xxx2,G-PORTAL-xxx3,G-PORTAL-xxx4,G-PORTAL-xxx5,G-PORTAL-xxx6,G-PORTAL-xxx7,G-PORTAL-xxx8,G-PORTAL-xxx9,G-PORTAL-xxx10,G-PORTAL-xxx11,G-PORTAL-xxx12,G-PORTAL-xxx13,G-PORTAL-xxx14,G-PORTAL-xxx15</param-value>
>         </init-param>
>     </filter>
>     <filter>
>         <filter-name>Auth Filter</filter-name>
>         <filter-class>com.xxx.xxx.RequestFilter</filter-class>
>         <init-param>
>             <param-name>LogonPage</param-name>
>             <param-value>P1_00.do</param-value>
>         </init-param>
>         <init-param>
>             <param-name>UnsecuredPages</param-name>
>             <param-value>P1_00.do,UnauthorisedAccess.jsp</param-value> <!-- separated by commas -->
>         </init-param>
>     </filter>  
>     <filter>
>         <filter-name>NoCacheFilter</filter-name>
>         <filter-class>com.xxx.xxx.NoCacheFilter</filter-class>
>         <!-- Added the 3 init parameters post upgrade -->
>         <init-param>
>             <param-name>Cache-Control</param-name>
>             <param-value>no-cache</param-value>
>         </init-param>
>         <init-param>
>             <param-name>Cache-Control</param-name>
>             <param-value>no-store</param-value>
>         </init-param>
>         <init-param>
>             <param-name>Pragma</param-name>
>             <param-value>no-cache</param-value>
>         </init-param>
>     </filter> 
>     
>     <filter-mapping>
>         <filter-name>NoCacheFilter</filter-name>
>         <url-pattern>/includes/*</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>NoCacheFilter</filter-name>
>         <url-pattern>/</url-pattern>
>     </filter-mapping>
> <filter-mapping>
>         <filter-name>ADGroupFilter</filter-name>
>         <url-pattern>*.do</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>ADGroupFilter</filter-name>
>         <url-pattern>*.jsp</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>Auth Filter</filter-name>
>         <url-pattern>*.jsp</url-pattern>
>         <url-pattern>*.do</url-pattern>
>         <dispatcher>REQUEST</dispatcher>
>     </filter-mapping>
> 
> 
> This is the code I have added to replace the JCIFS code (which I'm not sure 
> if I've done correctly):
> 
> <security-constraint>  
>         <display-name>your web app display name</display-name>  
>         <web-resource-collection>  
>             <web-resource-name>Protected Area</web-resource-name>  
>             <url-pattern>/*</url-pattern>  
>         </web-resource-collection>  
>         <auth-constraint>  
>             <!-- <role-name>source</role-name> -->
>             <role-name>G-xxx1</role-name>
>             <role-name>G-PORTAL-xxx2</role-name>
>             <role-name>G-PORTAL-xxx3</role-name>
>             <role-name>G-PORTAL-xxx4</role-name>
>             <role-name>G-PORTAL-xxx5</role-name>
>             <role-name>G-PORTAL-xxx6</role-name>
>             <role-name>G-PORTAL-xxx7</role-name>
>             <role-name>G-PORTAL-xxx8</role-name>
>             <role-name>G-PORTAL-xxx9</role-name>
>             <role-name>G-PORTAL-xxx10</role-name>
>             <role-name>G-PORTAL-xxx11</role-name>
>             <role-name>G-PORTAL-xxx12</role-name>
>             <role-name>G-PORTAL-xxx13</role-name>
>             <role-name>G-PORTAL-xxx14</role-name>
>             <role-name>G-PORTAL-xxx15</role-name>
>         </auth-constraint>  
>     </security-constraint>  
>        
>     <login-config>  
>         <auth-method>BASIC</auth-method>  
>         <realm-name>org.apache.catalina.realm.JNDIRealm</realm-name>
>         <!-- <realm-name>Axis Basic Authentication Area</realm-name> -->  
>     </login-config>  
>        
>     <security-role>
>         <role-name>G-xxx1</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx2</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx3</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx4</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx5</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx6</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx7</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx8</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx9</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx10</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx11</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx12</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx13</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx14</role-name>
>     </security-role>
>     <security-role>
>         <role-name>G-PORTAL-xxx15</role-name>
>     </security-role> 
> 
> Then there's some other stuff in here, such as <servlet>, <servlet-mapping>, 
> <session-config>, <mime-mapping>, <welcome-file-list>, <context-param>, 
> <listener>, <resource-ref>, <error-page>
> 
> 
> > > This is for the same page I'm calling.  I would like to know if 
> > > something has changed in the way Tomcat 7.0.52 handles this call
> > > from the way it used to in 5.5.29.
> > > 
> > > I'm trying to eliminate either Tomcat or Java from this issue, as 
> > > nothing else has been changed besides the upgrade of these two 
> > > (except for WEB-INF/web.xml, which may also be the cause, if so,
> > > is this something that this group could help me with?).
> > 
> > The servlet spec has changed slightly in the intervening versions. It
> > may depend upon your configuration that I requested above.
> > 
> > Are you having a specific problem, or are you just wondering why you
> > are seeing more output?
> > 
> 
> Yes it is a specific problem, the page doesn't load all the data and 
> information.  Basically the page should be a load of tabs (created by Yahoo 
> User Interface 2.6.0 - I know this is out of date, but the new version is 
> considerably different and will take a long time for me to learn and re-do), 
> then some of the tabs will have sub tabs (hence the 
> includes/tab_defaultsettings.jsp as one of the additional calls).  So on the 
> upgraded version the data on the tabs don't load, it sort of pushes the data 
> up (not sure if you can see the screenshot here):
> 
> 
> 
> whereas the pre-upgrade loads the data and sub-tabs:
> 
> 
> 
> I hope this helps and I've not overloaded again :-)
> 
> 
> > - -chris
> > 
>                                         
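Added example, not part of the thread or of the poster's application: it replays the key derivation from the posted `doFilter()` over the servlet paths reported above, to show which branch of the filter each one reaches for a logged-in user. The class name `ServletPathKeyTrace`, the `String` stand-in for `LogicalOperation`, and the contents of the permissions map are assumptions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class ServletPathKeyTrace {
    // From the posted web.xml: the UnsecuredPages init-param of RequestFilter.
    static final Set<String> UNSECURED =
            new HashSet<String>(Arrays.asList("P1_00.do", "UnauthorisedAccess.jsp"));

    // Same normalisation as the posted doFilter(): every "/" is stripped.
    static String pageName(String servletPath) {
        return servletPath.replaceAll("/", "");
    }

    // Same lookup key as the posted doFilter(): ".do" is removed from the page name.
    static String permissionKey(String pageName) {
        return pageName.replaceAll("\\.do", "");
    }

    // Reports which branch of the posted doFilter() a logged-in user's request reaches.
    static String decide(String servletPath, Map<String, String> permissions) {
        String page = pageName(servletPath);
        if (UNSECURED.contains(page)) {
            return "unsecured page, passed through";
        }
        String key = permissionKey(page);
        String op = permissions.get(key);
        return op == null
                ? "no permissions entry for '" + key + "', isOperationAllowed(null) is called"
                : "permission check against " + op;
    }

    public static void main(String[] args) {
        // Constructed permissions map (assumption): keyed by bare action name.
        Map<String, String> permissions = new HashMap<String, String>();
        permissions.put("P5_0_0", "OP_VIEW");
        permissions.put("P5_0_1", "OP_VIEW");

        // Paths reported in the thread, written with the leading "/" that getServletPath() returns.
        String[] paths = { "/P1_00.do", "/P5_0_0.do", "/P5_0_1.do",
                "/includes/tab_defaultsettings.jsp", "/includes/P1_00.do" };
        for (String p : paths) {
            System.out.println(p + " -> " + decide(p, permissions));
        }
    }
}
```

With this constructed map, both `/includes/` paths produce keys (`includestab_defaultsettings.jsp`, `includesP1_00`) that match neither `UnsecuredPages` nor a permissions entry. What `isOperationAllowed(null)` returns is not shown in the thread; if it returns false, the posted filter invalidates the session and redirects those requests to the logon page.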
                                          
