I have a URL in the following form...
htts://www.mysite/admin/userprofile.do
Using a servlet filter I want to prevent certain things in part of the URL. Using the following in web.xml...
<filter-mapping>
<filter-name>myFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
With an appropriate servlet-filter how could I change url-pattern to only manage the /admin/ portion of the URL (this is an old app that for whatever reason allows an XSS injection only in that portion). Is this possible?
<url-pattern>/admin/*</url-pattern>
You can achieve this like below :
<filter-mapping>
<filter-name>myFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
Related
I've created a custom cookie via Javascript and every time I logout, I want to remove this cookie from the browser. How/Where is the best place to perform this operation in the Hybris/Sap Commerce ecosystem?
You can use Spring MVC Interceptors like this.
<alias name="defaultBeforeControllerHandlersList" alias="beforeControllerHandlersList"/>
<util:list id="defaultBeforeControllerHandlersList">
<!-- List of handlers to run -->
<bean class="xyz.CheckUrlsBeforeControllerHandler">
<property name="checkedUrls" ref="checkUrlsList"/>
</bean>
</util:list>
Then Inside CustomHandler use guidCookieStrategy.deleteCookie(request, response);
to delete cookies.
I am using tuckey to rewrite URLs:
<rule>
<from>^/?([a-z-/]+)$</from>
<to>/$1.xhtml</to>
</rule>]
However..I have a webservice servlet hosted at:
/ws/service
How do I exclude that from Tuckey rewriting? With the existing rule this will forward the request to /ws/service.xhtml which doesn't exist.
Add the following rule:
<rule>
<from>^/ws/.*$</from>
<to last="true">-</to>
</rule>
I'm trying to use the URLRewriteFilter in combination with a number of different types of resources. It works perfectly fine for static resources and regular servlets. For JAX-RS-based services however, I get a 404.
This is the situation:
There are two web applications:
base
base#nested
Requests for /base/Something/nested/furtherPath need to be forwarded to /base/nested/furtherPath. This implies forwarding from the /base context to the /base/nested context.
To do that, I configured the URLRewrite filter on the /base context:
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
</filter-class>
<init-param>
<param-name>logLevel</param-name>
<param-value>DEBUG</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
The rules (urlrewrite.xml) are as follows:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
"http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
<urlrewrite use-context="true">
<rule>
<from>/base/([^/]*)/([^/]*)/(.*)</from>
<to type="forward" context="base/nested">/$3</to>
</rule>
</urlrewrite>
The crossContext attribute of the /base context is set to true.
This works perfectly fine for regular servlets and static resources but not for JAX-RS services. I'm doing this in TomEE JAX-RS 1.6.0.
Your help is appreciated!
I'm trying to setup a 301 redirect for some pages on my site so I setup some rewrite mappings as:
<rewriteMap name="v2 structure">
<add key="/what-we-do/why-us" value="/who-we-are/knowledge/why-us" />
<add key="/what-we-do/why-us/sourcing-models" value="/who-we-are/knowledge/why-us/sourcing-models" />
</rewriteMap>
The site is multi language so the url will include the language:
www.domain.com/en/what-we-do/why-us should redirect to www.domain.com/en/who-we-are/knowledge/why-us
www.domain.com/es/what-we-do/why-us should redirect to www.domain.com/es/who-we-are/knowledge/why-us
The mapping that I have doesn't trigger because of the language on the url. I can make it work by adding the language to the key and value on the mapping but i would had to repeat the mapping for each different language that the site has.
Is there a way to match trigger the rules mapped ignoring the language on the url?
Thank you,
Joao
<authentication mode="Forms">
<forms name="ASPAuth"
path="/Admin"
timeout="20"
requireSSL="false"
slidingExpiration="true" />
</authentication>
On my dev system I have the above in my web.config. This works fine if I am using VS web server. But when I host the same website on my IIS7 using a virtual directory it doesn't.
VS Url looks like: http://localhost:xxxx/
IIS URL looks like: http://MachineName/MyApp/.
When accessing the website through IIS the IsAuthenticated is always false. I figured out that it's because the cookie is being assigned to http://MachineName/Admin/ not http://MachineName/MyApp/Admin.
How I make it so that "Admin" is a relative path? I tried path="~/Admin" but that doesn't work.
Thanks!
Try putting a transformation into your Web.Release.Config:
<authentication mode="Forms">
<forms name="ASPAuth"
path="/MyApp/Admin"
timeout="20"
requireSSL="false"
slidingExpiration="true"
xdt:Transform="Replace"
xdt:Locator="Match(key)"/>
</authentication>
Answer:
It's simply not possible to do it at this stage. You cannot have a relative path with a tilda (~) in your web.config for forms authentication path unless you're willing to write your own HttpModule.
See this post (and the comments):
http://www.west-wind.com/weblog/posts/2008/Jan/20/Forms-Authentication-and-path-in-the-forms-Tag