• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

how to write correct url-pattern in security-constraint in tomcat

 
Ranch Hand
Posts: 62
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi all
well my requirement is to protect all jsp pages outside the WEB-INF folder.
my web.xml looks like this
<security-constraint>
<web-resource-collection>
<web-resource-name>ABC</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>

also i have the following in the web.xml
<!-- The Usual Welcome File List -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

now becoz of above i am not allowed access to index.jsp

i tried to change <url-pattern> to
<url-pattern>beer/*.jsp</url-pattern> where beer is the name of context/ folder in web-apps in tomcat
OR to <url-pattern>/beer/*.jsp</url-pattern>

but my tomcat(Apache Tomcat/5.0.19) gives error

so need to know all the rules which can be used to make valid url-pattern

thanks
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is that the ../conf/web.xml file that you have modified or the web.xml specific to the /beer webapp?
What is the exact error messge?
Bill
 
Vilpesh Mistry
Ranch Hand
Posts: 62
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hello bill,
well i MODIFIED the web.xml in the web-apps ie under beer/web-inf/web.xml

THE ERROR LISTING IS(happens when u start tomcat)
.....
Nov 23, 2004 11:34:30 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.0.19
Nov 23, 2004 11:34:30 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Nov 23, 2004 11:34:33 AM org.apache.commons.digester.Digester endElement
SEVERE: End event threw exception
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:252)
at org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256)
at org.apache.commons.digester.Rule.end(Rule.java:276)
at org.apache.commons.digester.Digester.endElement(Digester.java:1058)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endNamespaceScope(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:300)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:641)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:253)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:832)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:521)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2345)
at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
Caused by: java.lang.IllegalArgumentException: Invalid <url-pattern> /beer/*.jsp in security constraint
at org.apache.catalina.core.StandardContext.addConstraint(StandardContext.java:1787)
... 38 more
Nov 23, 2004 11:34:33 AM org.apache.catalina.startup.ContextConfig applicationConfig
SEVERE: Parse error in application web.xml
java.lang.IllegalArgumentException: Invalid <url-pattern> /beer/*.jsp in security constraint
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540)
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566)
at org.apache.commons.digester.Digester.endElement(Digester.java:1061)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endNamespaceScope(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:300)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:641)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:253)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:832)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:521)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2345)
at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
Nov 23, 2004 11:34:33 AM org.apache.catalina.startup.ContextConfig applicationConfig
SEVERE: Occurred at line 106 column 23
Nov 23, 2004 11:34:33 AM org.apache.catalina.startup.ContextConfig start
SEVERE: Marking this application unavailable due to previous error(s)
Nov 23, 2004 11:34:33 AM org.apache.catalina.core.StandardContext start
SEVERE: Error getConfigured
Nov 23, 2004 11:34:33 AM org.apache.catalina.core.StandardContext start
SEVERE: Context startup failed due to previous errors


thanks
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, thats pretty obvious

it doesn't like the way you wrote the url-pattern.
I have never done this so I don't know what it is looking for, but if it was my problem I would try removing that leading /beer since url-pattern tags for a web-app don't usually mention the web-app directory.

Bill
 
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The exact problem with this pattern: "/beer/*.jsp "

Is that it starts with a '/', indicating a path mapping, and ends with and extension mapping.

URL-patterns must be one of the following:

- start with a '/' and end with a '/*', use this one for path patterns
- start with a '*.' and end with a character, use this for extension mapping
- some sequence of characters starting with '/' and not ending in '*', use this for exact matches.

If you want to secure the /beer pages, then the pattern should be "/beer/*"
 
Vilpesh Mistry
Ranch Hand
Posts: 62
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi
thanks mike for the rules given for URL-patterns

i tried using <url-pattern>/beer/*</url-pattern>
tomcat doesnot give error but when i try to access the jsp page, the page is rendered so i am using <url-pattern>*.jsp</url-pattern>.By this no access is given to my jsp pages

thanks
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ah. well if your application is being mapped to '/beer', then the url-pattern /beer/* would apply to urls like this:

http://domain.com/beer/beer/foo.jsp

Don't include the name of the application in any of your url-patterns (this applies not just to security constraints, but for any url-patterns anywhere).
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, if you want to filter many types of files, then add an extra filter-mapping. It works:
<filter-mapping>
<filter-name>Filter 1</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Filter 1</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>

Bye.
Gl�nio Alexandre

Originally posted by Mike Curwen:
ah. well if your application is being mapped to '/beer', then the url-pattern /beer/* would apply to urls like this:

http://domain.com/beer/beer/foo.jsp

Don't include the name of the application in any of your url-patterns (this applies not just to security constraints, but for any url-patterns anywhere).

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic