tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Koberg <...@koberg.com>
Subject Re: No URL rewriting when cookies are disabled
Date Fri, 06 Feb 2009 00:48:41 GMT
Hi,

Pimping the JSP XML syntax and XSL... :)

If, by any chance your JSPs are using XML syntax (or well-formed or  
can be well-formed), you can use XSL to transform all of your links to  
be encoded for cookie-less users.

For example, the following JSP:

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:c="http://java.sun.com/jsp/jstl/core

" version="2.0">
   <jsp:output
     omit-xml-declaration="yes"
     doctype-root-element="html"
     doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd 
"
     doctype-public="-//W3C//DTD XHTML 1.0 Transitional//EN"/>
   <jsp:directive.page session="false" contentType="text/ 
html;charset=UTF-8" pageEncoding="UTF-8"/>
   <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
       <title>foo</title>
     </head>
     <body>
       <p>blah blah <a href="foo.jsp?id=${obj.id}&amp;foo=bar"  
class="foo">foo</a> blah.</p>
     </body>
   </html>
</jsp:root>

can use the following XSL to transform it:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet
   xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
   version="2.0"
   xmlns:x="http://www.w3.org/1999/xhtml"
   xmlns:c="http://java.sun.com/jsp/jstl/core"
   exclude-result-prefixes="x">

   <xsl:strip-space elements="*"/>
   <xsl:output method="xhtml" />

   <xsl:template match="@*|node()">
     <xsl:copy>
       <xsl:apply-templates select="@*|node()"/>
     </xsl:copy>
   </xsl:template>

   <xsl:template match="x:a[@href]">
     <c:url var="uri" value="{substring-before(@href, '?')}">
       <xsl:if test="contains(@href, '?')">
         <xsl:variable name="querystring" select="substring- 
after(@href, '?')"/>
         <xsl:variable name="params" select="tokenize($querystring,  
'&amp;')"/>
         <xsl:for-each select="$params">
           <xsl:variable name="param" select="tokenize(., '=')"/>
           <c:param name="{$param[1]}" value="{$param[2]}" />
         </xsl:for-each>
       </xsl:if>
     </c:url>
     <xsl:copy>
       <xsl:copy-of select="@* except @href"/>
       <xsl:attribute name="href">${uri}</xsl:attribute>
       <xsl:apply-templates/>
     </xsl:copy>
   </xsl:template>

</xsl:stylesheet>

to create:

<?xml version="1.0" encoding="UTF-8"?><jsp:root xmlns:jsp="http://java.sun.com/JSP/Page

" xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
   <jsp:output omit-xml-declaration="yes" doctype-root-element="html"  
doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1- 
transitional.dtd" doctype-public="-//W3C//DTD XHTML 1.0 Transitional// 
EN"></jsp:output>
   <jsp:directive.page session="false" contentType="text/ 
html;charset=UTF-8" pageEncoding="UTF-8"></jsp:directive.page>
   <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
       <meta http-equiv="Content-Type" content="text/html;  
charset=UTF-8" />
       <title>foo</title>
     </head>
     <body>
       <p>blah blah
         <c:url var="uri" value="/foo.jsp">
           <c:param name="id" value="${obj.id}"></c:param>
           <c:param name="foo" value="bar"></c:param>
         </c:url><a class="foo" href="${uri}">foo</a> blah.
       </p>
     </body>
   </html>
</jsp:root>

best,
-Rob


On Feb 5, 2009, at 6:28 PM, Christopher Schultz wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> André,
>
> André Warnier wrote:
>> Actually, I was just perusing a page in the Tomcat 6 docs :
>> http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
>>
>> and it actually says, for the "cookies" attribute :
>> Set to true if you want cookies to be used for session identifier
>> communication if supported by the client (this is the default). Set  
>> to
>> false if you want to disable the use of cookies for session  
>> identifier
>> communication, and rely only on URL rewriting *by the application*.
>
> André has the answer right here (though without details).
>
> In order to get your application to rewrite URLs, you need to pass  
> every
> single outgoing URL through the HttpServletResponse.encodeURL method  
> (or
> HttpServletResponse.encodeRedirectURL if you are using a redirect).
>
> I've found that this is detail is often overlooked in web  
> applications.
> Most JSP tag libraries and things like that do this transparently, so
> you may not have even been aware that it was a requirement.
>
> Good luck reviewing all that code ;)
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkmLdjcACgkQ9CaO5/Lv0PD8cQCeKvrnDjZvNJTrXCcXuzOKUeSt
> +2YAoKYSCgXVEzLMhSFFk309g0OhO8kP
> =SKW6
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message