I'm trying to send a file to a user from an http servlet.
The servlet runs some identification tests (on the request) and then sends the client a file.
This generally works but now I turned on my TOMCAT server redirects to https and when I try to access the servlet and download the file from either IE6 or IE8 it fails and I get this exception:
java.lang.IllegalStateException: Cannot forward after response has been committed
(on the localhost.log)
and
ClientAbortException: java.net.SocketException: Connection reset by peer: socket write error
(in the servlet log)
The code that does the sending (Simplified):
private void sendFile(HttpServletResponse response, byte[] file, String clientFileName)
{
ServletOutputStream op = null;
setContentType(response);
response.setHeader("Content-Disposition", "attachment; filename=\"" + clientFileName + "\"");
// send byte array to output buffer.
op = response.getOutputStream();
// Content Length must be set after all processing done.
response.setContentLength((int) file.length);
op.write(file);
}
Is this the correct way to send a file from a servlet? What's the best way?
Thanks!!
UPDATE
Used the code from #BalusC artice in this link:
http://balusc.blogspot.com/2007/07/fileservlet.html
This made it work.
Still doesn't work in IE6-IE8 when used from Gmail because of a filtering stage gmail adds to downloads in these browsers.
UPDATE 2
The problem seems to be with Gmail + Internet Explorer 6-8.
I'm Assuming that gmail is doing a redirect (That's actually pretty obvious if you look at the url on the page after you click the link in the mail).
Is Client-Pull technique my only solution?
The solution to the problem is the "Client-Pull" technique.
By adding a Refresh value to the header we make the browser ask for the file.
This is the only solution I could come up to that overcomes the fact the gmail will use redirection when pressing a link from within an email.
In the code I did this:
response.setHeader("Refresh", "3; URL=\"" + url.toString() + "\"");
forwardToJSP(request, response, "waitForBrowserRefreshPage.jsp");
Meaning - after 3 seconds ask the user for the specified url which will, in turn, deliver the file to the client.
The forwardToJSP method displays the "You will be forwarded soon, here a link if it fails" message.
Related
IS there a way to trick the server so I don't get this error:
Content was blocked because it was not signed by a valid security certificate.
I'm pulling an iframe of an html website into another website but I keep getting the console (chrome) error in the title of this question and in internet explorer it says:
Content was blocked because it was not signed by a valid security certificate.
Your resource probably use a self-signed SSL certificate over HTTPS protocol.
Chromium, so Google Chrome block by default this kind of resource considered unsecure.
You can bypass this this way :
Assuming your frame's URL is https://www.domain.com, open a new tab in chrome and go to https://www.domain.com.
Chrome will ask you to accept the SSL certificate. Accept it.
Then, if you reload your page with your frame, you could see that now it works
The problem as you can guess, is that each visitor of your website has to do this task to access your frame.
You can notice that chrome will block your URL for each navigation session, while chrome can memorise for ever that you trust this domain.
If your frame can be accessed by HTTP rather than HTTPS, I suggest you to use it, so this problem will be solved.
Sometimes Google Chrome throws this error, even if it should not.
I experienced it when Chrome had a new version, and it needed to be restarted.
After restarting the same page worked without any errors.
The error in the console was:
net::ERR_INSECURE_RESPONSE
I still experienced the problem described above on an Asus T100 Windows 10 test device for both (up to date) Edge and Chrome browser.
Solution was in the date/time settings of the device; somehow the date was not set correctly (date in the past). Restoring this by setting the correct date (and restarting the browsers) solved the issue for me. I hope I save someone a headache debugging this problem.
Offering another potential solution to this error.
If you have a frontend application that makes API calls to the backend, make sure you reference the domain name that the certificate has been issued to.
e.g.
https://example.com/api/etc
and not
https://123.4.5.6/api/etc
In my case, I was making API calls to a secure server with a certificate, but using the IP instead of the domain name. This threw a Failed to load resource: net::ERR_INSECURE_RESPONSE.
open up your console and hit the URL inside. it'll take you to the API page and then in the page accept the SSL certificate, go back to your app page and reload.
remember that SSL certificates should have been issued for your Dev environment before.
If you're developing, and you're developing with a Windows machine, simply add localhost as a Trusted Site.
And yes, per DarrylGriffiths' comment, although it may look like you're adding an Internet Explorer setting...
I believe those are Windows rather than IE settings. Although MS tend to assume that they're only IE (hence the alert next to "Enable Protected Mode" that it requries restarted IE)...
Try this code to watch for, and report, a possible net::ERR_INSECURE_RESPONSE
I was having this issue as well, using a self-signed certificate, which I have chosen not to save into the Chrome Settings. After accessing the https domain and accepting the certificate, the ajax call works fine. But once that acceptance has timed-out or before it has first been accepted, the jQuery.ajax() call fails silently: the timeout parameter does not seem help and the error() function never gets called.
As such, my code never receives a success() or error() call and therefore hangs. I believe this is a bug in jquery's handling of this error. My solution is to force the error() call after a specified timeout.
This code does assume a jquery ajax call of the form jQuery.ajax({url: required, success: optional, error: optional, others_ajax_params: optional}).
Note: You will likely want to change the function within the setTimeout to integrate best with your UI: rather than calling alert().
const MS_FOR_HTTPS_FAILURE = 5000;
$.orig_ajax = $.ajax;
$.ajax = function(params)
{
var complete = false;
var success = params.success;
var error = params.error;
params.success = function() {
if(!complete) {
complete = true;
if(success) success.apply(this,arguments);
}
}
params.error = function() {
if(!complete) {
complete = true;
if(error) error.apply(this,arguments);
}
}
setTimeout(function() {
if(!complete) {
complete = true;
alert("Please ensure your self-signed HTTPS certificate has been accepted. "
+ params.url);
if(params.error)
params.error( {},
"Connection failure",
"Timed out while waiting to connect to remote resource. " +
"Possibly could not authenticate HTTPS certificate." );
}
}, MS_FOR_HTTPS_FAILURE);
$.orig_ajax(params);
}
This problem is because of your https that means SSL certification. Try on Localhost.
Environment:
-SharePoint 2010 foundation
-Claim based authentication
-Execution time out in web.config is set to 3600
Overview:
We have an excel export functionality where we connect to AD and SQL databases to fetch Users and their related data for a perticular Organization Unit (OU)in Active Directory.
We have on OU in AD which has got around 1400 users in it. We are using Open and Closed xml to generate excel file which works fine and takes about 11-14 minutes to generate a file on the server on following path
C:\inetpub\wwwroot\wss\VirtualDirectories\VirtualDirectyrName\Excel\FileName.xlsx
Immediately after generating a file we have following piece of code which would read file from server and dump it on output steam and presents a file ope-save as dialog box in browser to end user.
Problem Description:
When an Organization has less number of users and it does not take more than 5-6 minteus to generate the file on server, following piece of code successfully downloads the file on browser. But when for above mentioned OU where we have 1400 users the reponse.writefile function fails and in browse we get to see 'Browse can not display this web page' (when fiddler was on we found it gives - http 504 error). Surpricingly if we perform this export from the server itself (i.e browse the web site on server) it downloads without issue.
protected void lnkbtnDownloadFile_Click(object sender, EventArgs e)
{
String fileName = #"C:\inetpub\wwwroot\wss\VirtualDirectories\VirtualDirectyrName\Excel\540KBFileWhichFails.xlsx";
//File size is hardly ~500 KB
//Wait for around 12 minutes, to mimic a scenario of file generation which takes time on staging and prod. environment.
System.Threading.Thread.Sleep(720000);
try
{
if (fileName != "")
{
var file = new FileInfo(fileName);
if (file.Exists)
{
Response.Clear();
Response.AddHeader("Content-Disposition", "attachment; filename=" + file.Name);
Response.AddHeader("Content-Length", file.Length.ToString());
Response.ContentType = "application/octet-stream";
Response.WriteFile(file.FullName);
Response.End();
}
else
Response.Write("This file does not exist.");
}
}
catch (Exception ex)
{
//This would usually give thread aboart exception but thats expected.
}
}
we dont see any error in ULS logs, event logs specific to this behavior.
Please note , response.TransmitFile also gives same behaviour.
any idea ?
What I suspect here is that you have felt on session lock. What I mean is that the download and the generation and all this calls made using the session, and session locks everything until finish.
To solve this issue do two thinks.
When you generate this file, generate it ether with thread ether with handle with out session needed
Download this file from a handler (that not use session) and not from the page post back.
For example you make a handler, eg download.ashx and you make a link to your page as download.ashx?thisfileId=7723423&SecurityID=82jkj1288123 Inside your handler you read this parameters and you send the file. But if you make this on the page then a way is to disable the session for this page if you not use session, for example you set EnableSessionState="false" on the first line declarations.
Some similar questions and session relative answer.
call aspx page to return an image randomly slow
Replacing ASP.Net's session entirely
How to deliver big files in ASP.NET Response?
I figured out the issue, It was an issue with the Idle time out issue in the Hardware load balancer we where using. Default value in load balancer was 0 which meant 11 minutes and my file generation was taking longer than that which caused this issue. Increasing load balancer idle time out issue seems to be solutions.
First off: This is not another question about how to load a policy file.
I have an app in development that connects to a socket server, gets the policy file and works just dandy. However, when the socket server is down for whatever reason, I need to gracefully fallback to an alternative method of getting messages from the server (polling, basically).
This is not a problem, except for one thing:
Error: Request for resource at xmlsocket://[ip]:4770 by requestor from http://[ip]/cooking/Client.swf has failed because the server cannot be reached.
There doesn't appear to be a way to catch this. I have these event listeners on my socket:
addEventListener(Event.CLOSE, closeHandler);
addEventListener(Event.CONNECT, connectHandler);
addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler);
addEventListener(ProgressEvent.SOCKET_DATA, socketDataHandler);
SecurityErrorEvent is what you might think fires, but it doesn't. The docs say it fires for these reasons:
Local untrusted SWF files may not communicate with the Internet. You can work around this limitation by reclassifying the file as local-with-networking or as trusted.
You cannot specify a socket port
higher than 65535.
In the HTML page that contains the
SWF content, the allowNetworking
parameter of the object and embed
tags is set to "none".
So none of those apply. It appears what I really want to catch is the failure of the policy file to load, but even doing an explicit Security.loadPolicyFile() won't help, since that load is deferred to the first socket request AND doesn't fire any events.
For completeness, I also surrounded the call to connect() with a try{}catch (e:*){}, no result.
There's got to be a way to sort this. Any ideas? I simply need a way to tell when the connection has failed because of networking issues and try an alternate path.
EDIT: Despite my previous tests and the docs, it appears SecurityErrorEvent does fire - only it does it about 20 seconds after the load fails, so it's not obvious. I guess that's as immediate as I'm going to get from Flash.
Don't forget to retry connecting :)
private function onIOError(e:IOErrorEvent):void {
e.stopPropagation();
++this.retryCount;
if( this.retryCount >= 12 ){
this.connectTimer.stop();
this.dispatchEvent( new Event( 'TIMIEDOUT' ) );
}else{
this.err = 'IO-ERROR-EVENT - ' + e.text + '\r\nAttempting to reconnect';
}
}
I have a flash video player which requests a flv file from a central server. That server might redirect the request to a server from the user's country if possible, a lot like a CDN.
This video player also reports usage stats. One thing I'd like to report is the true server/location from which the player is streaming the video from. So basically, if it gets redirected I want to know about it.
It seems that you can't extract the url from a URLLoader, you can only keep a copy of the URLRequest that you constructed it with.
I notice that you can listen for HTTP status events, which would include a 302 or similar. But unfortunately, the HTTPStatusEvent object doesn't show the redirected location.
Any ideas about how to monitor for a redirect, and get the redirected location?
I'm a bit surprised Flash allows you to redirect a video request at all. I did a bit of digging and it looks like you can get the info:
Handling Crossdomain.xml and 302 Redirects Using NetStream
His post specifically talks about the trouble of security issues that arise because of the fact some operations fail if data is from an untrusted server. Since he doesn't know where his video is coming from (302 redirect) the Flash Player doesn't trust it and prevents some operations on the loaded content.
How he gets the server the content was actually loaded from is to do an operation on the file that should not be allowed and he parses the domain information from the error message:
try
{
var bit:BitmapData = new BitmapData(progressiveVideoPlayer.measuredWidth, progressiveVideoPlayer.measuredHeight, false, 0x000000);
bit.draw(progressiveVideoPlayer);
}
catch(error:SecurityError)
{
var list:Array = error.toString().split(" ");
var swfURL:String = list[7] as String;
var domain:String = list[10] as String;
domain = domain.substring(0, domain.length - 1);
var domainList:Array = domain.split("/");
var protocol:String = domainList[0] as String;
var address:String = domainList[2];
var policyFileURL:String = protocol + "//" + address + "/crossdomain.xml";
Security.loadPolicyFile(policyFileURL);
}
Notice he is doing it so that he can load the policy file (to allow the security restricted operations on the file). I'm not sure it will be helpful to you but at least read the article and have a think about it. You may contact the blog author directly too - he is pretty active in the general Flash community.
hi friends i'm a newbie in blackberry programming and have managed to make a small application... The application downloads an xml file through http and parses it and displays it on the screen... now the problem is that though it works fine on my simulator... the client complains that he's getting an error in connection if he connects it through 3G... do i need to add anything other than the following...
// Build a document based on the XML file.
url = <my clients url file>;
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
hc = (HttpConnection)Connector.open(url+";deviceside=true");
hc.setRequestMethod(HttpConnection.GET);
InputStream inputStream = hc.openInputStream();
hc.getFile();
Document document = builder.parse(inputStream);
hc.close();
inputStream.close();
Do i need to add anything to make it download http content through 3G also??
Specifying "deviceside=true" requires the device have the APN correctly configured, or you include APN specification in the URL. Have a look at this video.
You need to be able to detect what sort of connection the device is using as was said above deviceside=true works only for APN. If you want to just test it out try using
;deviceside=false //for mds
;deviceside=false;ConnectionType=mds-public //for bis-b
;interface=wifi //for wifi