aspose file tools*
The moose likes Tomcat and the fly likes how to write correct url-pattern in security-constraint in tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "how to write correct url-pattern in security-constraint in tomcat" Watch "how to write correct url-pattern in security-constraint in tomcat" New topic
Author

how to write correct url-pattern in security-constraint in tomcat

Vilpesh Mistry
Ranch Hand

Joined: May 27, 2003
Posts: 62
hi all
well my requirement is to protect all jsp pages outside the WEB-INF folder.
my web.xml looks like this
<security-constraint>
<web-resource-collection>
<web-resource-name>ABC</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>

also i have the following in the web.xml
<!-- The Usual Welcome File List -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

now becoz of above i am not allowed access to index.jsp

i tried to change <url-pattern> to
<url-pattern>beer/*.jsp</url-pattern> where beer is the name of context/ folder in web-apps in tomcat
OR to <url-pattern>/beer/*.jsp</url-pattern>

but my tomcat(Apache Tomcat/5.0.19) gives error

so need to know all the rules which can be used to make valid url-pattern

thanks


Thanks.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12785
    
    5
Is that the ../conf/web.xml file that you have modified or the web.xml specific to the /beer webapp?
What is the exact error messge?
Bill
Vilpesh Mistry
Ranch Hand

Joined: May 27, 2003
Posts: 62
hello bill,
well i MODIFIED the web.xml in the web-apps ie under beer/web-inf/web.xml

THE ERROR LISTING IS(happens when u start tomcat)
.....
Nov 23, 2004 11:34:30 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.0.19
Nov 23, 2004 11:34:30 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Nov 23, 2004 11:34:33 AM org.apache.commons.digester.Digester endElement
SEVERE: End event threw exception
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:252)
at org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256)
at org.apache.commons.digester.Rule.end(Rule.java:276)
at org.apache.commons.digester.Digester.endElement(Digester.java:1058)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endNamespaceScope(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:300)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:641)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:253)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:832)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:521)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2345)
at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
Caused by: java.lang.IllegalArgumentException: Invalid <url-pattern> /beer/*.jsp in security constraint
at org.apache.catalina.core.StandardContext.addConstraint(StandardContext.java:1787)
... 38 more
Nov 23, 2004 11:34:33 AM org.apache.catalina.startup.ContextConfig applicationConfig
SEVERE: Parse error in application web.xml
java.lang.IllegalArgumentException: Invalid <url-pattern> /beer/*.jsp in security constraint
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540)
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566)
at org.apache.commons.digester.Digester.endElement(Digester.java:1061)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endNamespaceScope(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:300)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:641)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:253)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:832)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:521)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2345)
at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
Nov 23, 2004 11:34:33 AM org.apache.catalina.startup.ContextConfig applicationConfig
SEVERE: Occurred at line 106 column 23
Nov 23, 2004 11:34:33 AM org.apache.catalina.startup.ContextConfig start
SEVERE: Marking this application unavailable due to previous error(s)
Nov 23, 2004 11:34:33 AM org.apache.catalina.core.StandardContext start
SEVERE: Error getConfigured
Nov 23, 2004 11:34:33 AM org.apache.catalina.core.StandardContext start
SEVERE: Context startup failed due to previous errors


thanks
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12785
    
    5
Well, thats pretty obvious

it doesn't like the way you wrote the url-pattern.
I have never done this so I don't know what it is looking for, but if it was my problem I would try removing that leading /beer since url-pattern tags for a web-app don't usually mention the web-app directory.

Bill
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

The exact problem with this pattern: "/beer/*.jsp "

Is that it starts with a '/', indicating a path mapping, and ends with and extension mapping.

URL-patterns must be one of the following:

- start with a '/' and end with a '/*', use this one for path patterns
- start with a '*.' and end with a character, use this for extension mapping
- some sequence of characters starting with '/' and not ending in '*', use this for exact matches.

If you want to secure the /beer pages, then the pattern should be "/beer/*"
Vilpesh Mistry
Ranch Hand

Joined: May 27, 2003
Posts: 62
hi
thanks mike for the rules given for URL-patterns

i tried using <url-pattern>/beer/*</url-pattern>
tomcat doesnot give error but when i try to access the jsp page, the page is rendered so i am using <url-pattern>*.jsp</url-pattern>.By this no access is given to my jsp pages

thanks
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

ah. well if your application is being mapped to '/beer', then the url-pattern /beer/* would apply to urls like this:

http://domain.com/beer/beer/foo.jsp

Don't include the name of the application in any of your url-patterns (this applies not just to security constraints, but for any url-patterns anywhere).
Glenio Alexandre Nogueira
Greenhorn

Joined: Dec 02, 2004
Posts: 4
Hi, if you want to filter many types of files, then add an extra filter-mapping. It works:
<filter-mapping>
<filter-name>Filter 1</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Filter 1</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>

Bye.
Gl´┐Żnio Alexandre

Originally posted by Mike Curwen:
ah. well if your application is being mapped to '/beer', then the url-pattern /beer/* would apply to urls like this:

http://domain.com/beer/beer/foo.jsp

Don't include the name of the application in any of your url-patterns (this applies not just to security constraints, but for any url-patterns anywhere).
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to write correct url-pattern in security-constraint in tomcat