I am running two war files in single tomcat. example app1 and app2. Now I want to block some of the HTTP methods for app2 alone without touching the tomcat own web.xml. So I have created a web.xml for app2 and place it under WEB_INF.
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
</web-app>
when I hit URL as host:port/app2/ it will give response as 403.
but when I hit host:port/app2 getting response as 200.
Now I have to block host:port/app2 this URL also. How can I change the url-pattern to achieve this.
Related
I am running two different applications(war files) in single tomcat. those two may contact each other.
Now I want to block some of the HTTP methods for application2. So I have added the following into my web.xml in tomcat config folder,
<security-constraint>
<web-resource-collection>
<web-resource-name><strong>restricted methods</strong></web-resource-name>
<url-pattern>/app2/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
After adding this also I am not getting 403 response for OPTIONS request. it's giving response as 200. but
<security-constraint>
<web-resource-collection>
<web-resource-name><strong>restricted methods</strong></web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
without mentioning app2 in URL pattern it's giving 403 response for OPTIONS request.
Now my question is how can I block some HTTP methods for my application2 alone?
Ihanks in advance.
I have an ear file built which has a war file inside.The war has web.xml which has servlet defined:
<servlet>
<servlet-name>ExcelDownload</servlet-name>
<servlet-class>web.ExcelDownload</servlet-class>
<multipart-config>
**<!--<max-file-size>1048576</max-file-size> -->**
</multipart-config>
</servlet>
The problem here is my in ear file max-file-size is commented that means there are no attributes defined for the multipart-config. But when I deploy my ear on WebSphere 8.5.5.9, it changes my web.xml to:
<servlet>
<servlet-name>ExcelDownload</servlet-name>
<servlet-class>com.ofss.infra.web.ExcelDownload</servlet-class>
<multipart-config>
<max-file-size>0</max-file-size>
**<max-request-size>0</max-request-size>**
<file-size-threshold>0</file-size-threshold>
</multipart-config>
</servlet>
Since the max-file-size attribute is defined as zero in web.xml I am not not able to use HTTP request to upload the file to server.
I need help on to understand why the attribute is being added by WAS though its not available in ear. I did my digging I tried during deployment not to use metadata-complete attribute to false then instead of changing web.xml WAS has created a new file web_merged.xml (this has max-file-size set to zero) and am still facing the issue.
I've recently setup a new Weblogic 12c environment. On deploying an application that I know works in Weblogic 11g I get the error "The url-pattern /resources/* in web application is mapped to multiple Servlets."
The mapping it's referring to is in the web.xml inside the application.ear that's being deployed, but it's only mapped once:
<servlet-mapping>
<servlet-name>velocity</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
The project doesn't contain any other references to the url pattern /resources/*, can someone explain where the duplicated mapping is coming from and how I can work around it?
The closest issue I could find is this: https://bugster.forgerock.org/jira/si/jira.issueviews:issue-html/OPENAM-7947/OPENAM-7947.html, which has been marked as unreproducible.
Full stack trace from deployment:
<Error> <Deployer> <BEA-149205> <Failed to initialize the application "<application_name>" due to error weblogic.application.ModuleException: weblogic.management.DeploymentException: [HTTP:101401]The url-pa
ttern /resources/* in web application <application_name> is mapped to multiple Servlets.
weblogic.application.ModuleException: weblogic.management.DeploymentException: [HTTP:101401]The url-pattern /resources/* in web application <application_name> is mapped to multiple Servlets.
at weblogic.application.internal.ExtensibleModuleWrapper.prepare(ExtensibleModuleWrapper.java:114)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:100)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:192)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:187)
at weblogic.application.utils.StateMachineDriver$ParallelChange.run(StateMachineDriver.java:83)
at weblogic.application.utils.StateMachineDriver.nextStateInParallel(StateMachineDriver.java:144)
at weblogic.application.internal.flow.ModuleStateDriver.parallelPrepare(ModuleStateDriver.java:46)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:75)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:55)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:731)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:45)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:243)
at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:66)
at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:65)
at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:158)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:41)
at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:193)
at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:31)
at weblogic.management.deploy.internal.ConfiguredDeployments$2.doItem(ConfiguredDeployments.java:684)
at weblogic.management.deploy.internal.parallel.BucketInvoker.invoke(BucketInvoker.java:138)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionAppsParallel(ConfiguredDeployments.java:692)
at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:322)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:202)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:207)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:129)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:76)
at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1262)
at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:332)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:374)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:471)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:232)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2020)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:114)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:88)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1213)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1144)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:666)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:640)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:406)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)
If you use web annotations in java code, you don't have to declare the servlet in the web.xml file any more.
You can try by removing the corresponding "servlet" and "servlet-mapping" tags in web.xml
It seems that WebLogic 12.1.3 can deal with double declaration (inline annotation & xml) but not anymore in WebLogic 12.2.
I had this error with #webservice annotation when I specified the "serviceName" parameter and when I declared the servlet in web.xml file with the same value.
The issue doesn't exist in version 12.1.3 (which happened to be the version we were meant to be upgrading to).
Weblogic as of version 12.2.1.3 automatically registers a JAX-RS servlet to the path /resources/* in certain scenarios (e.g. some dependency like jackson-jaxrs-json-provider "requests" it via annotation/spi/moduleinfo). But if this path is already registered by another service the mentioned error is thrown.
There are 3 possible solutions one can try:
In our case the issue was coming from classpath scanning for web services components, and finding annotated services in the webservices-rt jar. That scanning needed to be switched off.
Setting the metadata-complete attribute to true in the web.xml descriptor if your Web application does not have any annotations and if you have the version set to 2.5 or higher to avoid unnecessary scanning of the Web applications classes for annotations. E.g.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0"
metadata-complete="true">
<servlet>
<servlet-name>sample</servlet-name>
<servlet-class>Sample</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>sample</servlet-name>
<url-pattern>/sample</url-pattern>
</servlet-mapping>
</web-app>
Alternatively, you can turn off annotation processing and DI for all the Web applications by setting -Dweblogic.servlet.DIDisabled=true flag when starting WebLogic Server.
Registering another path for jersey in the web.xml to e.g. /jersey/*
<servlet>
<servlet-name>Jersey Web Application</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Jersey Web Application</servlet-name>
<url-pattern>/jersey/*</url-pattern>
</servlet-mapping>
Try removing the FATP jars which were added after 12.2 upgrade. This worked for me.
I use NetBeans and Tomcat 7.0.4.2 and would like to change URL address of my project from localhost:8080/Servlet to localhost:8080/. In web.xml I changed servlet URL address from <url-pattern>/Servlet</url-pattern> to <url-pattern>/</url-pattern>.
The problem is I can't load resource files now and get errors in browser console log:
Failed to load resource: the server responded with a status of 404 (Not Found) (11:45:14:149 | error, network)
at src/main/webapp/scripts/aui-min_2.0.0.js
The path to resource files is src/main/webapp/scripts and in JSP file I use this path
<script type="text/javascript" src="scripts/aui-min_2.0.0.js"></script>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>socialgraphui.Servlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
The url pattern / is is used by default servlet which is capable of loading static resources that isn't mapped by other servlets. When you switched to this pattern it's stopped working. So, you should keep a servlet mapping.
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/Servlet</url-pattern>
</servlet-mapping>
If you want to start from the index page use a index.jsp that is listed in <welcome-file-list> configuration. The index page can redirect to the servlet using
response.sendRedirect(request.getContextPath() +"/Servlet");
To load static resource use servlet context path like that
<script type="text/javascript" src="${pageContext.request.contextPath}/scripts/aui-min_2.0.0.js"></script>
I'm trying to load images (and other static content) from a server outside of my web application which is deployed to Glassfish v3. I have the following configs in the web.xml but it does not work on Glassfish (but it works on Tomcat):
<servlet>
<servlet-name>ExternalImagesServlet</servlet-name>
<servlet-class>com.example.servlet.HttpProxyServlet</servlet-class>
<init-param>
<param-name>RemoteURI</param-name>
<param-value>http://ip.of.second.server/website-files</param-value>
</init-param>
<init-param>
<param-name>AllowedContentTypes</param-name>
<param-value>image/gif,image/jpeg,image/png</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ExternalImagesServlet</servlet-name>
<url-pattern>/images/*</url-pattern>
</servlet-mapping>
Where ip.of.second.server is an actual IP address of the server. I have the file called website-files.xml defined as follow:
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="d:/internet/website/images" />
And website-files.xml is saved to glassfish\domains\domain1\config directory. But Glassfish does not pick up this config file.
I have looked at Oracle Glassfish configuration doco but there's no mention on how you can reference images from a different server.
Please help.
I have solved it based on an old thread relating to Glassfish version 2 that I found on Google after two days of search.
In case anyone is interested in the solution, here it is:
1) Create a file called sun-web.xml directly under Webcontent\WEB-INF directory and add the following configuration to this file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app>
<property name="alternatedocroot_1" value="from=/images/* dir=d:/internet/website" />
<property name="alternatedocroot_2" value="from=/files/* dir=d:/internet/website" />
</sun-web-app>
2) Remove the servlet and servlet-mapping configurations from web.xml file (like I did above). Note: The above would work if you were to use Tomcat.
3) Delete the website-files.xml from glassfish\domains\domain1\config directory as this file is not needed by Glassfish: Note: This file is needed by Tomcat.