On Mon, 2009-06-29 at 16:15 -0400, Christopher Schultz wrote:

Hi, Chris !

> 
> Are you trying to change the URLs that are emitted in the HTML your
> application generates?

        Yes and no. Declarative security will only work if Tomcat recognizes
the jsession id (either encoded in the requested URL or set in the JSESSIONID
cookie). Without cookie support, the authentication mechanism will be called
for every request (one for the html/jsp page and many others for the
referenced resources like images, JS scripts, etc.).

        If I only change the URLs generated by our webapp (for instance from
'/index.jsp;jsessionid=ABC' to '/index.jsp&jsessionid=ABC'), I THINK
that ooffice will successfully send requests to Tomcat, but the
container won't be able to infer the jsession id and it will redirect to the
login page.


> 
> So, you have written a simple client to:
> 
> 1. Download a page
> 2. Convert that page
> 3. Follow links and go back to step #1

        OOffice does the work. I just need to call "load document" :-)

> 
> ??
> 
> If yes, then you will have to capture the session id somehow, so you can
> send it back to the server when you request additional pages. Without
> cookies or the ;jsessionid parameter, how will you know what the session
> id is?

        It's a feature to convert html reports to pdf:

        1. An authenticated user fills in a form and clicks a button;
        2. On the server side, we
                - Capture the session id using HttpSession.getId();
                - Execute load document (ooffice) using a URL with the encoded
                  jsessionid (for instance,
                  http://localhost:8080/path/generate_report;jsessionid=ABC?a=12&b=1 )
                - Execute export document to pdf (ooffice);
                - Close the document (ooffice);
                - Change the response content type to pdf and copy bytes from
                  the local file to the response file.

        There are some cache mechanisms of course ;-).


> If you are just trying to remove the ";jsessionid=..." from the URL,
> then the use of authentication is not relevant /after/ the login page is
> shown.

        I cannot expect the login page or ooffice will render the login page
instead of the report page.

> 
> I don't think you want to change the /incoming/ request, do you?

        Yes, I want :-)

        Take a look at this access log from Tomcat:

[29/Jun/2009:17:49:02 -0300] /path/index.jsp 200 2E9DE25E06EFEF475619B60647249809 GET /path/index.jsp HTTP/1.0
[29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 200  - OPTIONS /path/index.jsp%3Bjsessionid=ABC HTTP/1.1
[29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 404  - GET /path/index.jsp%3Bjsessionid=ABC HTTP/1.1


        The first line is a successful "wget". The other two lines are
unsuccessful "ooffice" requests. It seems that ooffice is escaping the
requested path :-(

        I was thinking of a Valve to receive a '&jsessionid=' and change it to
';jsessionid=' before the processing of the authentication/authorization
mechanism. But I don't know if this is possible.
        I'll have to fix redirect response headers or...


> 
> Okay, so it sounds like you want to either remove or change the way that
> the session id is encoded in URLs.  This can be done by overriding the
> response's encodeURL and encodeRedirectURL methods using a filter:

        This is another part of the job: Generated URLs will use '&jsession'
syntax instead of ';jsession' so they can make ooffice happy ;-)

> The user "Villeroy" on this thread is correct when he announces his own
> ignorance: ';' is a perfectly acceptable parameter delimiter for a URL.
> This is a bug in the URL-handling library for OOo. Can you use
> HttpURLConnection directly? I do not believe it has this limitation.

        I need ooffice to convert the reports.


        Thanks in advance !

-- 
"If there must be trouble, let it be in my day, 
 that my child may have peace."

Thomas Paine
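
Added example, not part of the original message and not Tomcat's code: a simplified Python model of why the `%3Bjsessionid=ABC` requests in the access log above carry no session, plus redaction of session ids that end up in logged URLs. It assumes the container splits path parameters on the literal `;` before percent-decoding; `split_target` and `classify` are hypothetical names, and the last two log lines are constructed.

```python
import re
from urllib.parse import unquote

REQUEST = re.compile(r"\b(GET|HEAD|POST|OPTIONS) (\S+) HTTP/\d\.\d")
SID_VALUE = re.compile(r"(jsessionid=)[^;?&/#\s]+", re.IGNORECASE)

# First three lines are from the message above; the last two are constructed
# (their status codes are arbitrary and not used by the code).
SAMPLE_LOG = [
    "[29/Jun/2009:17:49:02 -0300] /path/index.jsp 200 2E9DE25E06EFEF475619B60647249809 GET /path/index.jsp HTTP/1.0",
    "[29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 200  - OPTIONS /path/index.jsp%3Bjsessionid=ABC HTTP/1.1",
    "[29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 404  - GET /path/index.jsp%3Bjsessionid=ABC HTTP/1.1",
    "[29/Jun/2009:17:51:00 -0300] /path/generate_report 200 ABC GET /path/generate_report;jsessionid=ABC?a=12&b=1 HTTP/1.1",
    "[29/Jun/2009:17:52:00 -0300] /path/index.jsp 302  - GET /path/index.jsp?a=1&jsessionid=ABC HTTP/1.1",
]

def split_target(raw_target):
    """Return (decoded path, session id); ';' is only a delimiter when literal."""
    path = raw_target.partition("?")[0]
    session_id, segments = None, []
    for segment in path.split("/"):
        name, *params = segment.split(";")
        for param in params:
            key, _, value = param.partition("=")
            if key.lower() == "jsessionid" and value:
                session_id = value
        segments.append(name)
    # Decoding happens after the split, so %3B becomes part of the path itself.
    return unquote("/".join(segments)), session_id

def classify(log_line):
    """Classify how (or whether) a session id travels in the logged request."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    method, target = match.groups()
    path, session_id = split_target(target)
    if session_id:
        finding = "session-id-in-path-parameter"   # container sees the session
    elif ";jsessionid=" in path.lower():
        finding = "encoded-semicolon"              # client escaped ';' to %3B
    elif re.search(r"[?&]jsessionid=", target, re.IGNORECASE):
        finding = "session-id-in-query-or-ampersand"
    else:
        finding = "none"
    # Never write the raw session id back out to reports or tickets.
    return {"method": method, "finding": finding,
            "redacted": SID_VALUE.sub(r"\1<redacted>", target)}

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
```

Every finding other than `none` also means a live session id was written to the access log, so those logs need the same protection as the sessions themselves.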

