Tracing sling jsp resolution & use of selectors vs variables - aem

In Adobe AEM (aka CQ), for a given URL is it possible to see what JSPs are being invoked?
We've got example code, not written by us, where 2 sets of 'base' JSPs are being matched depending on whether a specific selector is present or not - 'm' for mobile.
In the base JSP a variable is then set to flag whether a mobile or desktop device is requesting.
From then on no further selectors are used - just checks on the variable to include the mobile-specific JSP or not.
This is a different approach from solely using selectors to invoke a specific JSP or not.
Having the script resolution traced helps to visualise and debug, but is this a common pattern for Sling-based code?

You can see details about the most recent requests in the Web Console, the Recent Requests tab ( http://localhost:4502/system/console/requests for a local author instance ).
The output is similar to the one below, and it should give you enough information:
0 (2013-09-14 21:36:20) TIMER_START{Request Processing}
0 (2013-09-14 21:36:20) COMMENT timer_end format is {<elapsed msec>,<timer name>} <optional message>
0 (2013-09-14 21:36:20) LOG Method=GET, PathInfo=/.edit.html
0 (2013-09-14 21:36:20) TIMER_START{ResourceResolution}
1 (2013-09-14 21:36:20) TIMER_END{1,ResourceResolution} URI=/.edit.html resolves to Resource=JcrNodeResource, type=sling:redirect, superType=null, path=/
1 (2013-09-14 21:36:20) LOG Resource Path Info: SlingRequestPathInfo: path='/', selectorString='edit', extension='html', suffix='null'
1 (2013-09-14 21:36:20) TIMER_START{ServletResolution}
1 (2013-09-14 21:36:20) TIMER_START{resolveServlet(JcrNodeResource, type=sling:redirect, superType=null, path=/)}
1 (2013-09-14 21:36:20) TIMER_END{0,resolveServlet(JcrNodeResource, type=sling:redirect, superType=null, path=/)} Using servlet /libs/sling/servlet/default/edit.jsp
1 (2013-09-14 21:36:20) TIMER_END{0,ServletResolution} URI=/.edit.html handled by Servlet=/libs/sling/servlet/default/edit.jsp
1 (2013-09-14 21:36:20) LOG Applying Requestfilters
1 (2013-09-14 21:36:20) LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
1 (2013-09-14 21:36:20) LOG Calling filter: org.apache.sling.explorer.post.POSTServletFilter
1 (2013-09-14 21:36:20) TIMER_START{/libs/sling/servlet/default/edit.jsp#0}
3 (2013-09-14 21:36:20) LOG Including resource JcrNodeResource, type=sling:redirect, superType=null, path=/ (SlingRequestPathInfo: path='/', selectorString='head', extension='html', suffix='null')
3 (2013-09-14 21:36:20) TIMER_START{resolveServlet(JcrNodeResource, type=sling:redirect, superType=null, path=/)}
3 (2013-09-14 21:36:20) TIMER_END{0,resolveServlet(JcrNodeResource, type=sling:redirect, superType=null, path=/)} Using servlet /libs/sling/servlet/default/head.jsp

You can also find out which script or servlet will process a request using the ServletResolver service:
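// servletResolver is the org.apache.sling.api.servlets.ServletResolver service
Servlet servlet = servletResolver.resolveServlet(slingRequest);
String servletName = RequestUtil.getServletName(servlet);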

As @robert_munteanu showed, the requests tab on the system console is the best place to track the processing of your requests.
This is a common idiom in Sling applications. Different JSPs are used for GET/POST requests, requests containing selectors or requests with different extensions.
Take a look at the Sling Cheatsheet to understand how this works at high level, or at the Sling ScriptSelectionTest unit test, which explores a broader range of use cases.
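The Recent Requests output quoted in the first answer can be reduced to a short "selectors -> script" summary. The following is an added example, not code from the answers or from Sling; the function name `trace_scripts` and the regular expressions are assumptions based only on the log lines shown above.

```python
import re

# Lines copied from the Recent Requests output quoted above (trimmed).
SAMPLE = """\
0 (2013-09-14 21:36:20) LOG Method=GET, PathInfo=/.edit.html
1 (2013-09-14 21:36:20) LOG Resource Path Info: SlingRequestPathInfo: path='/', selectorString='edit', extension='html', suffix='null'
1 (2013-09-14 21:36:20) TIMER_END{0,resolveServlet(JcrNodeResource, type=sling:redirect, superType=null, path=/)} Using servlet /libs/sling/servlet/default/edit.jsp
1 (2013-09-14 21:36:20) LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
3 (2013-09-14 21:36:20) LOG Including resource JcrNodeResource, type=sling:redirect, superType=null, path=/ (SlingRequestPathInfo: path='/', selectorString='head', extension='html', suffix='null')
3 (2013-09-14 21:36:20) TIMER_END{0,resolveServlet(JcrNodeResource, type=sling:redirect, superType=null, path=/)} Using servlet /libs/sling/servlet/default/head.jsp
"""

METHOD = re.compile(r"LOG Method=(\w+), PathInfo=(\S*)")
SELECTORS = re.compile(r"selectorString='([^']*)'")
SERVLET = re.compile(r"Using servlet (\S+)")
FILTER = re.compile(r"Calling filter: (\S+)")


def trace_scripts(tracker_output):
    """Summarise one request: which selectors led to which script or servlet."""
    result = {"method": None, "path": None, "scripts": [], "filters": []}
    selectors = ()
    for line in tracker_output.splitlines():
        if m := METHOD.search(line):
            result["method"], result["path"] = m.groups()
        if m := SELECTORS.search(line):
            # The tracker prints the string 'null' when the request has no selectors.
            value = m.group(1)
            selectors = () if value == "null" else tuple(value.split("."))
        if m := SERVLET.search(line):
            # Pair the resolved script with the selectors of the request or
            # include that triggered the resolution.
            result["scripts"].append((selectors, m.group(1)))
        if m := FILTER.search(line):
            result["filters"].append(m.group(1))
    return result


if __name__ == "__main__":
    summary = trace_scripts(SAMPLE)
    print(summary["method"], summary["path"])
    for selectors, script in summary["scripts"]:
        print(".".join(selectors) or "(no selector)", "->", script)
```

The `filters` list is useful when reviewing a servlet endpoint, since it shows which request filters ran before the script was invoked.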

Related

Problem with accessing JBoss EAP 7.3 admin console on a Windows 10 machine

Attempting to open the JBoss EAP 7.3 admin console ends with blank white page with no errors in cmd terminal window.
Steps I did:
unzip jboss-eap-7.3.0.zip
run c:\AppServers\jboss-eap-7.3\bin\add-user.bat
update admin user and enter valid password
start local server c:\AppServers\jboss-eap-7.3\bin\standalone.bat
open http://127.0.0.1:9990/console/index.html
result blank page
DevTools Console output
hal-0.js:10804 GET http://127.0.0.1:9990/management 401 (Unauthorized)
hal-0.js:10803 GET http://127.0.0.1:9990/keycloak/adapter/wildfly-console 404 (Not Found)
hal-0.js:10811 11:30:43.262 ERROR o.j.h.c.b.endpoint.EndpointManager Keycloak adapter 'http://127.0.0.1:9990/keycloak/adapter/wildfly-console' doesn't exist - status: 404
hal-0.js:5706 POST http://127.0.0.1:9990/management 401 (Unauthorized)
hal-0.js:10811 11:30:43.281 ERROR o.j.h.c.bootstrap.HalBootstrapper Bootstrap error: Authentication required.
DevTools Network panel output
index.html 304 document Other 95 B 8 ms
polyfill.min.js 200 script index.html (memory cache) 0 ms
external.min.js 200 script index.html (memory cache) 0 ms
hal.nocache.js 200 script index.html (memory cache) 0 ms
hal.min.css 200 stylesheet index.html (disk cache) 5 ms
BD3BC5E1B9793E31D587DA5F8EC8FBDE.cache.js 200 script hal.nocache.js:10 (disk cache) 36 ms
OpenSans-Regular-webfont.woff2 200 font hal.min.css (memory cache) 0 ms
management 401 xhr hal-0.js:10804 429 B 4 ms
worker.js 200 javascript Other (disk cache) 2 ms
favicon.ico 200 x-icon Other (disk cache) 2 ms
wildfly-console 404 xhr hal-0.js:10803 206 B 3 ms
pouchdb.min.js 200 javascript worker.js:16 (disk cache) 3 ms
management 401 xhr hal-0.js:5706 773 B 4 ms
Same steps in home environment don't cause any issues.
I don't have any GET requests to keycloak/adapter/wildfly-console
I can open jboss console and login as admin.
The difference highly likely is in corporate security setup.
And I have to know exactly what to ask security department. Could you give me any idea what to look for?

Apache - Mod Perl - Unknown Authz provider 'access'

I am trying to set up and run an old Web application(written in 2010) in a new Linux environment. The Apache server is not starting because of the error Unknown Authz provider access, caused by the configuration given below.
<Directory /srv/webapp>
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    SetOutputFilter DEFLATE
    ExpiresActive On
    ExpiresDefault "3 Months"
    AuthType security::AuthCookieHandler
    AuthName Maxio
    PerlAuthenHandler security::AuthCookieHandler->authenticate
    PerlAuthzHandler security::AuthCookieHandler->authorize
    require access
</Directory>
I couldn't find any documentation for this, or any Apache module that defines access, but security::AuthCookieHandler has
sub access
{
...
...
}
I understand that this is mod_perl based authentication, but haven't worked on this before. Apache starts if this authentication is disabled, and the application loads in the browser.
So the questions are:
Is require access supposed to get the return value from sub access?
If so, why is sub access not visible to the configuration?
If not, what is access here?
After researching for a few hours I found out that this is because of changes in the latest versions of Apache and mod_perl.
From the Apache-AuthCookie documentation and Apache 2.4 porting notes, I learned that Apache 2.4 needs mod_perl version 2.0.9 or higher.
Also, a custom Authz Provider has to be added using PerlAddAuthzProvider. I was able to solve my issue by doing
PerlAddAuthzProvider access security::AuthCookieHandler->access
...
...
<Directory /srv/webapp>
    ...
    ...
    require access
</Directory>

Cannot locate Servlet.class in CQ5 for the action "/bin/submitApplication"

I want to make some changes in a Project built on CQ5 ver 5.4.
There is a form submitting to a location "/bin/submitApplication" and I am unable to find the Servlet class for that. I have searched in CRX-DE Lite and there is no result.
Also, if I go to the URL http://vic.netpace.com/bin/submitApplication, it gives me the following exception, which prints the class name, but I cannot locate the class anywhere in CRX-DE:
The requested URL /bin/submitApplication resulted in an error in com.netpace.vic.servlet.ApplicationServlet.
Request Progress:
0 (2016-08-09 14:24:08) TIMER_START{Request Processing}
0 (2016-08-09 14:24:08) COMMENT timer_end format is {<elapsed msec>,<timer name>} <optional message>
0 (2016-08-09 14:24:08) LOG Method=GET, PathInfo=/bin/submitApplication
0 (2016-08-09 14:24:08) TIMER_START{ResourceResolution}
0 (2016-08-09 14:24:08) TIMER_END{0,ResourceResolution} URI=/bin/submitApplication resolves to Resource=ServletResource, servlet=com.netpace.vic.servlet.ApplicationServlet, path=/bin/submitApplication
0 (2016-08-09 14:24:08) LOG Resource Path Info: SlingRequestPathInfo: path='/bin/submitApplication', selectorString='null', extension='null', suffix='null'
0 (2016-08-09 14:24:08) TIMER_START{ServletResolution}
0 (2016-08-09 14:24:08) TIMER_START{resolveServlet(ServletResource, servlet=com.netpace.vic.servlet.ApplicationServlet, path=/bin/submitApplication)}
0 (2016-08-09 14:24:08) TIMER_END{0,resolveServlet(ServletResource, servlet=com.netpace.vic.servlet.ApplicationServlet, path=/bin/submitApplication)} Using servlet com.netpace.vic.servlet.ApplicationServlet
0 (2016-08-09 14:24:08) TIMER_END{0,ServletResolution} URI=/bin/submitApplication handled by Servlet=com.netpace.vic.servlet.ApplicationServlet
0 (2016-08-09 14:24:08) LOG Applying Requestfilters
0 (2016-08-09 14:24:08) LOG Calling filter: org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter
0 (2016-08-09 14:24:08) LOG Calling filter: org.apache.sling.security.impl.ReferrerFilter
0 (2016-08-09 14:24:08) LOG Calling filter: org.apache.sling.portal.container.internal.request.PortalFilter
0 (2016-08-09 14:24:08) LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
0 (2016-08-09 14:24:08) LOG Calling filter: com.day.cq.wcm.core.impl.WCMRequestFilter
0 (2016-08-09 14:24:08) LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
0 (2016-08-09 14:24:08) LOG Calling filter: com.netpace.vic.impl.filters.LoggingFilter
0 (2016-08-09 14:24:08) LOG Calling filter: com.day.cq.theme.impl.ThemeResolverFilter
0 (2016-08-09 14:24:08) LOG Calling filter: com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
0 (2016-08-09 14:24:08) LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
0 (2016-08-09 14:24:08) LOG Calling filter: com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter
1 (2016-08-09 14:24:08) LOG RedirectFilter did not redirect (MobileUtil.isMobileResource() returns false)
1 (2016-08-09 14:24:08) LOG Applying Componentfilters
1 (2016-08-09 14:24:08) LOG Calling filter: com.day.cq.wcm.core.impl.WCMComponentFilter
1 (2016-08-09 14:24:08) LOG Calling filter: com.day.cq.wcm.core.impl.WCMDebugFilter
1 (2016-08-09 14:24:08) TIMER_START{com.netpace.vic.servlet.ApplicationServlet#0}
1 (2016-08-09 14:24:08) TIMER_START{handleError:status=405}
4 (2016-08-09 14:24:08) TIMER_END{3,handleError:status=405} Using handler org.apache.sling.servlets.resolver.internal.defaults.DefaultErrorHandlerServlet
4 (2016-08-09 14:24:08) TIMER_END{4,Request Processing} Dumping SlingRequestProgressTracker Entries
Go to http://<your server>:<port>/system/console/components and search for your class com.netpace.vic.servlet.ApplicationServlet. Every servlet is registered as an OSGi component, so you will find your servlet in the components console.
Expand the component listing to see the details; from there you will get the name of the bundle in which that servlet is located. Copy that bundle name or note the bundle id.
Now go to /system/console/bundles and look for the bundle using either the name or the id you copied from the components console. Once you find the bundle, expand the bundle listing to see its details. Those details also specify the location where the bundle is installed.
You can go to that location in CRXDE. There are two possibilities:
You will find a src folder there in CRXDE, which should have the code you are looking for.
Or you will know the name of the JAR that is carrying your servlet. You can then check your code repository/project for the Java code of the servlet.
Also note that your servlet appears to be a form POST servlet, so when you try to access it via the URL http://vic.netpace.com/bin/submitApplication you are sending a GET request to it, which is probably not supported by the servlet.

httpOnly cookie

I ran a web scan for an application (built with the Struts and Hibernate frameworks) deployed in JBoss 5, which reported "Set-cookie does not use HTTPOnly keyword. The web application does not utilize HTTPOnly cookies". What does it mean? I looked at some posts and just added one line in my jboss/deploy/jbossweb.sar/context.xml:
<SessionCookie secure="true" useHttpOnly="true" >
After setting that, I am getting error while running the application. Is there any configuration that I am missing?
Try this:
<SessionCookie secure="true" httpOnly="true" />
What does it mean
The HttpOnly flag in an HTTP response header indicates to the browser that client-side access to the JSESSION_ID or other session-cookie type identifier should not be permitted. It is intended to prevent malicious access to the session token via client-side scripts in an XSS attack (or another attack involving session hijacking from the client side). Currently almost all major browsers support this flag (see this list for supporting browsers), but it's simply ignored in browsers that don't support it. See more info on this at the OWASP site.
Setting it up is similar for Tomcat and forks of it, including JBoss, by including the following in your context file:
<session-config>
    <cookie-config>
        <http-only>true</http-only>
    </cookie-config>
</session-config>
or
<SessionCookie secure="true" httpOnly="true" />
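To confirm the setting took effect, the response headers can be checked the same way the scanner does. The following is an added example, not part of the answers above; the response text, cookie names and function names are constructed for illustration.

```python
# Constructed response head; cookie names and values are made up for illustration.
RESPONSE_HEAD = """\
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A1B2C3D4; Path=/app
set-cookie: theme=httponly; Path=/
Set-Cookie: lang=en; Path=/; HTTPONLY
Set-Cookie: SID=Z9Y8X7; Path=/; Secure; HttpOnly
"""


def set_cookie_values(response_head):
    """Return the value of every Set-Cookie header (header names are case-insensitive)."""
    values = []
    for line in response_head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def audit_cookies(response_head, required=("httponly", "secure")):
    """List (cookie name, missing attributes) for cookies lacking a required attribute."""
    findings = []
    for raw in set_cookie_values(response_head):
        pair, *attributes = [part.strip() for part in raw.split(";")]
        cookie_name = pair.split("=", 1)[0]
        # Compare attribute names only, so a cookie whose *value* happens to be
        # "httponly" is not mistaken for one that carries the flag.
        present = {attr.split("=", 1)[0].strip().lower() for attr in attributes if attr}
        missing = [flag for flag in required if flag not in present]
        if missing:
            findings.append((cookie_name, missing))
    return findings


if __name__ == "__main__":
    for cookie_name, missing in audit_cookies(RESPONSE_HEAD):
        print(f"{cookie_name}: missing {', '.join(missing)}")
```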

GWT three-tier architecture

I am developing GWT based application using JPA as data access layer. My application is required to support three-tier architecture. Main idea is to have HTTP server (Apache) with static content (html/javascript etc.), Web Application server (Glassfish) with business logic (servlets, beans, etc.) and Database server (PostgreSQL).
Is there any easy way to divide content of war file generated for simple GWT application to achieve described architecture?
Maybe there is a maven plugin which will help in creating separate war files with static content and business logic.
I was also considering creating proxy which will intercept GWT-RPC calls and invoke business methods on remote server.
I found very interesting article describing such solution (full article) but it requires a lot of work to achieve my goal. Hopefully there is a library or toolkit which will simplify proxy generation process.
Any ideas will be greatly appreciated.
I have a similar setup, just Tomcat instead of Glassfish, and maven to build everything. Here's how it works. Apache httpd and Tomcat are connected with mod_jk. Apache forwards all requests to Tomcat except for the GWT module dir (let's call it gwt_module), which contains all the GWT compiled stuff - that gets served by Apache and is configured to be cached.
The rest - servlets basically, gets forwarded to Tomcat (RPC, RequestFactory, other servlets). MongoDB as a database server.
Here's the relevant httpd.conf section:
JkMount /* webbalancer
JkUnMount /gwt_module/* webbalancer
Alias /gwt_module "/srv/web/app_servers/tomcat-1/webapps/ROOT/gwt_module/"
<Directory "/srv/web/app_servers/tomcat-1/webapps/ROOT/gwt_module/">
    Order deny,allow
    allow from all
    Options -Indexes
    <FilesMatch "\.cache\.*">
        Header set Cache-control max-age=31536000
        # Header unset ETag
        # FileETag None
    </FilesMatch>
    # turning off ETags, to force browsers to rely only on Cache-Control and Expires headers.
    # for some reason, FF wasn't using the cache for JS files if ETags are on.
    Header unset ETag
    FileETag None
</Directory>
# Tell clients to keep images in the cache
ExpiresActive On
ExpiresByType image/x-icon A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000
#ExpiresByType application/x-javascript A2592000
ExpiresByType text/css A2592000
ExpiresByType application/xhtml+xml A2592000
# Compress output for text
AddOutputFilterByType DEFLATE text/html text/xml text/css application/x-javascript text/javascript application/javascript
Note: I'm not sure that serving static files with apache is faster than serving everything with only tomcat, I use apache for load balancing primarily.