http://www.docjar.com/docs/api/javax/servlet/http/HttpServletRequest.html
try getRequestURI
(instead of getURI)
HTH,
M-
This e-mail communication and any attachments may contain confidential and
privileged information for the use of the
designated recipients named above. If you are not the intended recipient, you
are hereby notified that you have received
this communication in error and that any review, disclosure, dissemination,
distribution or copying of it or its
contents
----- Original Message -----
From: "James Crosson" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, November 17, 2006 3:01 PM
Subject: Re: Filters, Security, Tomcat and Configuration
Thanks for your kind reply. I am having a bear of a time figuring out why
I can't compile my filter. It is giving me the simple java error:
com\xxxxx\view\filters\AccountFilter2.java:20: cannot find symbol
symbol : method getURI()
location: interface javax.servlet.http.HttpServletRequest
String URI = ((HttpServletRequest)request).getURI();
I've quadruple checked what I'm including:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
Any idea what my deal could be? My classpath includes the main class
tomcat's servlet-api.jar and I'm also tried including servlet.jar to no
avail.
James
On Thu, 16 Nov 2006 16:05:43 -0500, Christopher Schultz
<[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> James,
>
> James Crosson wrote:
>> I believe that a <url-pattern> strategy will be more trouble than it is
>> worth beacuse it seems you can't pass a regular expression, but so far I
>> have not been able to nail down a Filter.
>
> Filters are really the way to go, here, and they're relatively easy to
> write and use. First, you have to write your filter, which is pretty
> simple, right?
>
> public class BadURLFilter
> implements Filter
> {
> public void doFilter(ServletRequest request,
> ServletResponse response,
> FilterChain chain)
> throws IOException, ServletException
> {
> // Check the URL -- need an HttpServletRequest for that
> if(request instanceof HttpServletRequest)
> {
> String URI = ((HttpServletRequest)request).getURI();
>
> // Bomb if there is a "bad" URI
> if(URI.contains(".."))
> {
> // Not sure what you want to do here.
>
> ((HttpServletResponse)response)
> .sendError(HttpServletResponse.SC_FORBIDDEN);
>
> return;
> }
> }
>
> chain.doFilter(request, response);
> }
> }
>
>
> That's the simplest filter that could possibly work. A few things to
> consider:
>
> 1. What do you want to do when you find a bad URL. I simply
> return a 403 FORBIDDEN status code.
> 2. Are there any URIs that might be okay to contain ".."?
> For instance, if you have a servlet that uses the "extra
> path info" to do something might allow a URI to contain
> "..", in which case this filter will break your app.
>
> I hope that can get you started.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFXNKn9CaO5/Lv0PARAp9QAJ96nP3rLSMlmO8+4I9ALz7ikHi6OACfSKnm
> 2oXR665ulKq5ePCON3C2RAI=
> =GJPM
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
http://www.JamesCrosson.net
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
