Hi Mark,
On Sun, Jun 16, 2019 at 2:25 AM Tommy Pham <tommy...@gmail.com> wrote:

> Hi Chris,
>
> Thank you for the feedback.
>
> On Sat, Jun 15, 2019 at 10:44 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Tommy,
>>
>> On 6/15/19 21:51, Tommy Pham wrote:
>> > Hi Mark,
>> >
>> > After some research and thought about internal application flow, I
>> > think the 'cleanest' is to have TC's default servlet handle the *.html
>> > requests and use the assigned filter to restrict the access as
>> > desired. Is there a better approach? On that plan, I have this
>> > mapping for TC's default servlet and init:
>> >
>> > Filter AppFilterAccessLog's servlet mapping: Servlet name: default
>> > , registered class: org.apache.catalina.servlets.DefaultServlet.
>> > Servlet default's mapping: /img/* /css/* /WEB-INF/*
>>
>> Uh... you sure you want that? What is stopping a client from requesting
>> /WEB-INF/web.xml?
>>
>> > /js/* Servlet default's init parameters: listings: false debug: 0
>> >
>> > If I use *.html instead of /WEB-INF/*, it goes into an infinite loop
>> > redirecting / forwarding until exception is thrown (I think that
>> > root cause is servlets' startup ordering).
>> > Below is what my
>> > access log filter sees for HttpServletRequest:
>> >
>> > Attributes:
>> > javax.servlet.forward.request_uri=/erm-0.0.1-SNAPSHOT/
>> > javax.servlet.forward.context_path=/erm-0.0.1-SNAPSHOT
>> > javax.servlet.forward.servlet_path=
>> > javax.servlet.forward.path_info=/
>> > javax.servlet.forward.mapping=org.apache.catalina.core.ApplicationMapping$MappingImpl@7fc1f887
>> > org.apache.logging.log4j.web.Log4jServletFilter.FILTERED=true
>> > Class: org.apache.catalina.core.ApplicationHttpRequest
>> > DispatcherType: FORWARD [javax.servlet.DispatcherType]
>> > HttpServletMapping:
>> > Class: org.apache.catalina.core.ApplicationMapping$MappingImpl
>> > MappingMatch: PATH
>> > MatchValue: setup/step_0.html
>> > Pattern: /WEB-INF/*
>> > ServletName: default
>> >
>> > Below is from the actual filter assigned to TC's default servlet
>> > intended to restrict access:
>> >
>> > ContextPath: /erm-0.0.1-SNAPSHOT
>> > DispatcherType: FORWARD
>> > PathInfo: /setup/step_0.html
>> > PathTranslated: D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\setup\step_0.html
>> > Method: GET
>> > RequestURI: /erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
>> > RequestURL: http://localhost:8080/erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
>> > ServletPath: /WEB-INF
>> > ServletContext.ServletContextName: erm
>> > response: org.apache.catalina.connector.ResponseFacade
>> >
>> > I think everything seems correct except the PathTranslated. It
>> > should be:
>> >
>> > D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\WEB-INF\setup\step_0.html
>> >
>> > where the file is. I'm unable to find out why it's wrong after a
>> > couple hours of searching since the browser shows an empty
>> > page... The string "/WEB-INF/setup/step_0.html" was passed to
>> > request.getRequestDispatcher(). According to the doc [1], " If the
>> > path begins with a "/" it is interpreted as relative to the current
>> > context root."
>> > everything is as it should be right, other than
>> > PathTranslated? Or did I misunderstand the usage of
>> > getRequestDispatcher().forward()? Currently, I have 4 filters in
>> > place and all are in passive monitoring mode. None of them have
>> > the code logic to perform their intended functions. 3 filters
>> > mapped to URL /* and one assigned to TC's default servlet. I'll
>> > work out their filtering order before the intended functions are
>> > implemented.
>>
>> Filters are applied in a predictable order. I highly recommend reading
>> the servlet specification to see how these things are defined to work.
>> It's quite readable.
>>
>> Why not allow Tomcat to serve everything in the web application (other
>> than /WEB-INF/* and /META-INF/*) as usual? What is it that you need to
>> put into there that you can't hide in some other way?
>>
>> It sounds like you are unnecessarily complicating your life.
>>
>> -chris
>>
>
> I was using "/WEB-INF/*" as a test of the scaffolding for my application
> since previously "*.html" ended up in an infinite loop which eventually
> threw an exception. Now that I've got "*.html" working, I'm still getting
> a blank page. The HTML files are only served as UI for the initial setup
> of the application. There won't be any static files other than JS, CSS,
> and images when the application is fully configured by the administrator.
> Here is the servlets configuration:
>
> Servlet name: default , registered class:
> org.apache.catalina.servlets.DefaultServlet.
> Servlet default's mapping:
> /img/*
> /css/*
> /js/*
> *.html
> Servlet default's init parameters:
> listings: false
> debug: 0
> Servlet name: AppServlet , registered class: com.sointe.web.AppServlet.
> Servlet AppServlet's mapping:
> /
> Servlet AppServlet's init parameters:
> Servlet name: jsp , registered class: org.apache.jasper.servlet.JspServlet.
> Servlet jsp's mapping:
> *.jspx
> *.jsp
> Servlet jsp's init parameters:
> fork: false
> xpoweredBy: false
>
> And HttpServletRequest's info:
>
> Attributes:
> javax.servlet.forward.request_uri=/erm-0.0.1-SNAPSHOT/
> javax.servlet.forward.context_path=/erm-0.0.1-SNAPSHOT
> javax.servlet.forward.servlet_path=/
> javax.servlet.forward.mapping=org.apache.catalina.core.ApplicationMapping$MappingImpl@5e9215c0
> org.apache.logging.log4j.web.Log4jServletFilter.FILTERED=true
> DispatcherType: FORWARD [javax.servlet.DispatcherType]
> HttpServletMapping:
> Class: org.apache.catalina.core.ApplicationMapping$MappingImpl
> MappingMatch: EXTENSION
> MatchValue: WEB-INF/setup/step_0
> Pattern: *.html
> ServletName: default
>
> and the actual filter assigned to TC's default servlet to restrict access:
>
> AppFilterStaticFiles.doFilter:52 - Class: org.apache.catalina.core.ApplicationHttpRequest
> AppFilterStaticFiles.doFilter:53 - ServletContext Class: org.apache.catalina.core.ApplicationContextFacade
> AppFilterStaticFiles.doFilter:54 - ContextPath: /erm-0.0.1-SNAPSHOT
> AppFilterStaticFiles.doFilter:55 - DispatcherType: FORWARD
> AppFilterStaticFiles.doFilter:56 - Method: GET
> AppFilterStaticFiles.doFilter:57 - PathInfo: null
> AppFilterStaticFiles.doFilter:58 - PathTranslated: null
> AppFilterStaticFiles.doFilter:59 - getServletContext().getRealPath() of ServletPath: D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\WEB-INF\setup\step_0.html
> AppFilterStaticFiles.doFilter:60 - RequestURI: /erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
> AppFilterStaticFiles.doFilter:61 - RequestURL: http://localhost:8080/erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
> AppFilterStaticFiles.doFilter:62 - ServletPath: /WEB-INF/setup/step_0.html
> AppFilterStaticFiles.doFilter:63 - ServletContext.ServletContextName: erm
> AppFilterStaticFiles.doFilter:67 - response: org.apache.catalina.connector.ResponseFacade
>
> In looking at the code for ApplicationHttpRequest [1] for the
> getPathTranslated()
>
>     @Override
>     public String getPathTranslated() {
>         if (getPathInfo() == null || getServletContext() == null) {
>             return null;
>         }
>         return getServletContext().getRealPath(getPathInfo());
>     }
>
> and for the getRequestDispatcher()
>
>     if (pathInfo == null) {
>         requestPath = servletPath;
>     } else {
>         requestPath = servletPath + pathInfo;
>     }
>
> Perhaps the getPathTranslated() could be ?
>
>     if (getServletContext() != null) {
>         if (getServletPath() != null) {
>             if (getPathInfo() != null) {
>                 return getServletContext().getRealPath(getServletPath() + getPathInfo());
>             }
>             return getServletContext().getRealPath(getServletPath());
>         }
>     }
>     return null;
>
> I think that would also fix the translated path I saw earlier which
> resulted in a blank page for the browser.
>
> Thanks,
> Tommy
>
> [1] https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/core/ApplicationHttpRequest.java

From my findings, do you think it's a bug with the getPathTranslated? Should I submit a bug report with the details of my finding?

Thanks,
Tommy
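
An added example, not part of the thread and not Tomcat's or the poster's code: one way a filter in front of the default servlet could implement the access restriction discussed above, serving the setup HTML under /WEB-INF only on an internal FORWARD and rebuilding the resource path as servletPath plus pathInfo, the same way the quoted getRequestDispatcher() snippet does. The class name StaticAccessFilter, the constants PUBLIC_PREFIXES and SETUP_PREFIX, and the /WEB-INF/setup/ location are assumptions taken from the logged paths; it also assumes the filter mapping is registered for both the REQUEST and FORWARD dispatcher types.

```java
import java.io.IOException;
import javax.servlet.DispatcherType;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (added example) mapped to the "default" servlet. */
public class StaticAccessFilter extends HttpFilter {

    // Assumption: public static prefixes, taken from the mappings listed in the thread.
    private static final String[] PUBLIC_PREFIXES = {"/img/", "/css/", "/js/"};
    // Assumption: setup pages live here, as in the logged RequestURI.
    private static final String SETUP_PREFIX = "/WEB-INF/setup/";

    /** Context-relative resource path: servletPath, plus pathInfo when present. */
    static String resourcePath(String servletPath, String pathInfo) {
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /** Policy as a pure function so it can be unit tested without a container. */
    static boolean isAllowed(DispatcherType type, String path) {
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) {
                return true; // ordinary static assets, any dispatch type
            }
        }
        // Setup HTML is served only when the application forwards to it;
        // a direct client request (REQUEST dispatch) is refused.
        return type == DispatcherType.FORWARD
                && path.startsWith(SETUP_PREFIX)
                && path.endsWith(".html");
    }

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res,
                            FilterChain chain) throws IOException, ServletException {
        // With a "*.html" mapping pathInfo is null and servletPath holds the full
        // path; with "/img/*" the path is split across servletPath and pathInfo.
        String path = resourcePath(req.getServletPath(), req.getPathInfo());
        if (!isAllowed(req.getDispatcherType(), path)) {
            // 404 rather than 403, so the response does not confirm the file exists.
            res.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Because the decision is made on the reconstructed path and the dispatcher type, it does not depend on getPathTranslated(), which is null for the extension mapping shown in the logs.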