tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ravi Sharma <ping2r...@gmail.com>
Subject Re: Filtering URL via tomcat
Date Fri, 01 May 2009 23:36:23 GMT
Hi All,
I guess i did not explained it properly. Let me try once again in simple
way. Forget about what i wrote before.

my Webapps dir have one application called app and has following dir
structure

webapps/app/audio/download/

above dir contacins html pages which are being generated by tomcat whenever
needed.
webapps/app/audio/download/abc.html
webapps/app/audio/download/def.html
webapps/app/audio/download/xyz.html

someone can request these files with url like
http://www.mysite.com/app/audio/download/abc.html

I wanted to server these pages only to registered user of my site so i put
one filter in web.xml of my application
    <filter>
        <filter-name>DownLoadSecurityFilter</filter-name>
        <filter-class>com.app.security.SecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>DownLoadSecurityFilter</filter-name>
        <url-pattern>/audio/download/*</url-pattern>
    </filter-mapping>


So whenever someone try to access this url
http://www.mysite.com/app/audio/download/abc.html and if he is not logged in
Filter forwars the request to login page(this part is working fine, Filter
seems working fine).
Now if user is logged in then i dont do any redirection to login page in
Filter class. Class code as follows


    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
    throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest)request;
        HttpServletResponse httpResponse = (HttpServletResponse)response;
       doBeforeProcessing(request, response); // No code in this function
        String accessedUrl = httpRequest.getRequestURI();
        String targetUrl = httpRequest.getRequestURL().toString();

    Throwable problem = null;

        //chain.doFilter(request, response);
        try
        {
            checkSecurity(request);
        }
        catch(UserNotLoggedIn ex)
        {
            httpResponse.sendRedirect(httpRequest.getContextPath() +
LOGINURL +"?URL=" + targetUrl);
            return;
        }
        catch(OperationNotAllowedForUser ex)
        {
            httpResponse.sendRedirect(httpRequest.getContextPath() +
DENIENDURL );
            return;
        }
        catch (ApplicationException ex)
        {

        }
        chain.doFilter(request, response);


    doAfterProcessing(request, response); // No code in this function

    if (problem != null) {
        if (problem instanceof ServletException) throw
(ServletException)problem;
        if (problem instanceof IOException) throw (IOException)problem;
        sendProcessingError(problem, response);
    }
    }

Problem : Now when user is logged in then user should be able to see this
page content of
http://www.mysite.com/app/audio/download/abc.html

but on this page in browser user getting following tomcat error

*Type* Status report
*message* */app/audio/download/abc.html
**description* *The requested resource (/app/audio/download/abc.html) is not
available.**


But the file do exists in this location.
Any idea why it is happening?




Ravi.





On Fri, May 1, 2009 at 5:19 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ravi,
>
> Some things aren't adding up:
>
> > http://www.mysiste.com/audio/abc.html (anyone/guests can see this page)
> > http://www.mysiste.com/audio/app/download/abc.html (only logged in user
> can
> > see this page)
>
> ...and...
>
> > the root of my site reside in appache httpd server
> > so i have folder structure like
> > mysite/public_html/audio
> > mysite/public_html/app/audio/download
> >
> > in my httpd conf i have something like this
> > JkMount /app/audio/download/* ajp13w
>
> You have JkMounted /app/audio/download but your URLs above suggest this
> should be /audio/app/download/abc.html. That's strange.
>
> You have your webapp in a directory called "mysite" but the context name
> is "app". That's strange.
>
> On 4/27/2009 2:26 PM, Ravi Sharma wrote:
> > http://www.mysite.com/audio/abc.html is a html being served by httpd
> > correctly
> > then when i try to access
> > http://www.mysite.com/app/audio/download/abc.htmli get following error
> > on browser
> >
> > *Type* Status report
> > *message* */app/audio/download/abc.html
> > **description* *The requested resource (/app/audio/download/abc.html) is
> not
> > available.**
>
> Sounds like this is a Tomcat error. Are you attempting to serve
> /app/audio/download/abc.html from within Tomcat? If so, is that file
> (abc.html) actually deployed as part of the web application?
>
> I think it would be helpful to post more of your httpd configuration and
> the output of 'find' in your webapp's root directory.
>
> Another question: why are you implementing your own authentication and
> authorization instead of using those built-in features of Tomcat? Seems
> like re-inventing the wheel...
>
> > There are no errors in catalina.out(and this is the only file in logs dir
> of
> > Tomcat)
>
> catalina.out will not contain errors like "file not found". If you want
> to see what requests are being served, you'll want to enable the
> AccessLogValve. See
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html for details.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkn7IRUACgkQ9CaO5/Lv0PALDwCgiiLbGQ3m1VbcnqUp2cWGtCZR
> 1HsAn11gsfaTF1DxL9xd3/QMRiVaqhFH
> =aPN/
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message