I have a maven project (with web and JPA facets) in Eclipse Java EE IDE for Web Developers. I have added the jars to my tomcat library and everything compiles great.
However, my webpage header does NOT reflect what I have enabled in my web.xml through the CORS filter.
My header looks like:
And my web.xml contains:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Servlet 1: Expose the OData service endpoint -->
<servlet>
<servlet-name>OData</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<!-- all additional parameters will be passed to your factory create method -->
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.odata4j.jersey.producer.resources.ODataApplication</param-value>
</init-param>
<init-param>
<param-name>odata4j.producerfactory</param-name>
<param-value>org.odata4j.producer.jpa.JPAProducerFactory</param-value>
</init-param>
<init-param>
<param-name>odata4j.jpa.persistenceUnitName</param-name>
<param-value>Resource</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>OData</servlet-name>
<url-pattern>/example.svc/*</url-pattern>
</servlet-mapping>
<!-- Servlet 2: Enable crossdomain access for browser clients -->
<servlet>
<servlet-name>CrossDomain</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.odata4j.producer.resources.RootApplication</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CrossDomain</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<!-- Use CORSFilter for CORS -->
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<!-- Note: All parameters are options, if ommitted CORS Filter
will fall back to the respective default values.
-->
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, OPTIONS, PUT, DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>Content-Type, X-Requested-With, Accept, Authentication</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>X-Test-1, X-Test-2</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
I fixed my headers to support CORS by implementing Padcom's CORS filter for Java application as described here.
I'm still not sure why the method I tried above didn't work...
But if you are stuck trying the method above, it is easy and work trying Padcom's method. :)
Related
What I am trying to do is integrating Jira 7.12.3 with a SSO server using the Apereo Java CAS Client.
I followed this guide and got the two needed jars from here.
I have integrated CAS with JIRA like described there, but when I open jira, the user is redirected to /secure/Dashboard.jspa (the jira login page). By clicking login in the top right corner the cas page is opening, but after logging in successfully the user is redirected back to the JIRA login page and the user is still not logged in here. Can anyone help me to fix this?
Here the configs I've added:
web.xml:
<!-- CAS FILTER -->
<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://[sso url]</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://[sso url]/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://[sso url]</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Just before the last filter in the defined chain -->
<!-- CAS - Java Client Filter Mappings -->
<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasAuthenticationFilter</filter-name>
<url-pattern>/default.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:START - Java Client Single Sign Out Listener -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->
seraph-config.xml:
<init-param>
<param-name>login.url</param-name>
<!--<param-value>/login.jsp?permissionViolation=true&os_destination=${originalurl}&page_caps=${pageCaps}&user_role=${userRole}</param-value>-->
<param-value>https://[sso url]/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>https://[sso url]/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>logout.url</param-name>
<!--<param-value>/secure/Logout!default.jspa</param-value>-->
<param-value>https://[sso url]/logout</param-value>
</init-param>
<!-- Inserted this Authenticator instead of JiraSeraphAuthenticator -->
<authenticator class="org.jasig.cas.client.integration.atlassian.Jira7CasAuthenticator">
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://[sso url]</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</authenticator>
The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.
Thought this might be helpful for others with a similar problem.
I am trying to implement Owasp CARF library (3.0.0). When I place the Owasp.CsrfGuard.js file in WEB-INF/ folder and try to deploy the application, I get the below error:
Unexpected token % at Owasp.CsrfGuard.js
I see the %DOMAIN_STRICT% and other variables which are not recognized.
I have configured the Javscriptservlet like:
<servlet>
<servlet-name>JavaScriptServlet</servlet-name>
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
<init-param>
<param-name>source-file</param-name>
<param-value>/WEB-INF/Owasp.CsrfGuard.js</param-value>
</init-param>
<init-param>
<param-name>inject-into-forms</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>inject-into-attributes</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>domain-strict</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>referer-pattern</param-name>
<param-value>.*</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>JavaScriptServlet</servlet-name>
<url-pattern>/JavaScriptServlet</url-pattern>
</servlet-mapping>
The server used is Weblogic 12.2.1.2
Do I need to configure anything. How do I resolve the js error??
When trying to access /Example/Site a 404 no found page will be shown, but the jsp is in webapp/WEB-INF/jsp/. Why is this not working?
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>jmattheis rest app</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>jersey-servlet</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.stackoverflow.jmattheis.rest</param-value>
</init-param>
<init-param>
<param-name>jersey.config.servlet.filter.forwardOn404</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>org.glassfish.jersey.server.mvc.jsp.JspMvcFeature</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.mvc.templateBasePath.jsp</param-name>
<param-value>/WEB-INF/jsp</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.tracing</param-name>
<param-value>ALL</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>jersey-servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
Here the Resource:
#Component
#Path("Example")
public class Example {
#GET
#Path("/Site")
#Produces(MediaType.TEXT_HTML)
public Response getSite() {
return Response.ok(new Viewable("/test")).build();
}
}
Have a look at the Jersey2 MVC documentation
Jersey web applications that want to use JSP templating support should be registered as Servlet filters rather than Servlets in the application's web.xml. The web.xml-less deployment style introduced in Servlet 3.0 is not supported at the moment for web applications that require use of Jersey MVC templating support.
So you need to change your servlet to an filter to make it work.
It could be that this was not needed in the early versions of jersey 2, but I cannot find the older documentation for that so we'll never know.
Like this:
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>jmattheis rest app</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>jersey-filter</filter-name>
<filter-class>org.glassfish.jersey.servlet.ServletContainer</filter-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.stackoverflow.jmattheis.rest</param-value>
</init-param>
<init-param>
<param-name>jersey.config.servlet.filter.forwardOn404</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>org.glassfish.jersey.server.mvc.jsp.JspMvcFeature</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.mvc.templateBasePath.jsp</param-name>
<param-value>/WEB-INF/jsp</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.tracing</param-name>
<param-value>ALL</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>jersey-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
I am using Swagger for REST api documentation, but facing issues with Container response filter filter used for jersey servlet and APIOriginFilter used for servlet for swagger. If I disable the Container response filter from jersey servlet swagger UI displays the APIs properly but the actual API call fails.
Please help and suggest how i can make common entry for the container response filter of jersey and api origin filter of swagger.
Below is snapshot from web.xml
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet
</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.harman.ctg.rest;com.wordnik.swagger.jersey.listing</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>com.harman.ctg.rest.helper.CrossOriginResourceSharingFilter</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.feature.DisableWADL</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>DefaultJaxrsConfig</servlet-name>
<servlet-class>com.wordnik.swagger.jaxrs.config.DefaultJaxrsConfig</servlet-class>
<init-param>
<param-name>api.version</param-name>
<param-value>1.0.0</param-value>
</init-param>
<init-param>
<param-name>swagger.api.basepath</param-name>
<param-value>http://localhost:8080/Pro_IDX_VAS_Web/api/3.0/api-docs</param-value>
</init-param>
<init-param>
<param-name>swagger.filter</param-name>
<param-value>com.harman.ctg.rest.helper.ApiAuthorizationFilterImpl</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/api/3.0/*</url-pattern>
</servlet-mapping>
<!-- Filter to secure Jersey (JAX-RS) services -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/api/3.0/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>ApiOriginFilter</filter-name>
<filter-class>com.harman.ctg.rest.helper.CrossOriginResourceSharingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ApiOriginFilter</filter-name>
<url-pattern>/api/3.0/*</url-pattern>
</filter-mapping>
I have created the REST web services using dynamic web project in eclipse and running in tomcat 7.
I am able to do basic authentication for the web services. Now I am trying to implement form based authentication.Now, any web service call from the browser shows 404 error instead of showing the login form.
May be , I guess the issue is path of the LoginForm.html. I have created the LoginForm.html directly under webcontent.
My web.xml code is
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>CustomerConnect</display-name>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>management pages</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page>
</form-login-config>
</login-config>
<!-- <session-config> -->
<!-- <session-timeout> -->
<!-- 1 -->
<!-- </session-timeout> -->
<!-- </session-config> -->
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.feature.Redirect</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.JSPTemplatesBasePath</param-name>
<param-value>/views/</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name>
<param-value>/(images|css|jsp)/.*</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.bvbi.customerconnect.middletier</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
<description>Location to store uploaded file</description>
<param-name>file-upload</param-name>
<param-value>
/home/bvbi/Desktop/apache-tomcat-7.0.26/webapps/CredoImages/
</param-value>
</context-param>
</web-app>
Your path configuration is correct. Remove * from your <url-pattern> inside the <servlet-mapping>.
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
Does it make any difference?