JSP/Servlets and URL's

Re: JSP/Servlets and URL's

On 8 Nov 2003 07:31:22 -0800, daiichi@googlen ews.test.xhome. us
(DaiIchi) wrote:
[color=blue]
>When someone accesses my website with a URL like
>http://www.ebay.com@myreal.website.com, I want to be able to access
>the full URL. I can't seem to find a way to do this... is it
>possible?
>
>For reference: request.getRequ estURL() for the above URL will return
>"http://myreal.website. com" thus losing the "www.ebay.c om" part. I
>need a way of getting the exact requested URL.[/color]

Never mind. I found the answer to my problem: it cannot be done.
It's not a fault of the JSP (or Java) design. Although the above URL
is, by BNF definition, a valid URL, the browser only sends a "GET /"
with a "Host: myreal.website. com" -- which means that the extraneous
text "www.ebay.c om" is lost.

Oh well, back to the drawing board.

Re: JSP/Servlets and URL's

On Sat, 08 Nov 2003 07:31:22 -0800, DaiIchi wrote:
[color=blue]
> When someone accesses my website with a URL like
> http://www.ebay.com@myreal.website.com, I want to be able to access
> the full URL. I can't seem to find a way to do this... is it
> possible?
>
> For reference: request.getRequ estURL() for the above URL will return
> "http://myreal.website. com" thus losing the "www.ebay.c om" part. I
> need a way of getting the exact requested URL.[/color]

the part before the @ is the username part. it can contain for ex a
username and password to access an ftp site.

You can get the user information with the

getUserInfo()

method.

Re: JSP/Servlets and URL's


What class/package is getUserInfo() in? I viewed the page request
over port 80 and didn't see the browser transmitting the
username/password pair.... so I assume that it is inaccesible in an
HTTP session. I hope I was wrong.


On Sun, 09 Nov 2003 18:18:20 +0100, "TeCh" <TeCh@spelletje sgarnaal.be>
wrote:
[color=blue]
>On Sat, 08 Nov 2003 07:31:22 -0800, DaiIchi wrote:
>[color=green]
>> When someone accesses my website with a URL like
>> http://www.ebay.com@myreal.website.com, I want to be able to access
>> the full URL. I can't seem to find a way to do this... is it
>> possible?
>>
>> For reference: request.getRequ estURL() for the above URL will return
>> "http://myreal.website. com" thus losing the "www.ebay.c om" part. I
>> need a way of getting the exact requested URL.[/color]
>
>the part before the @ is the username part. it can contain for ex a
>username and password to access an ftp site.
>
>You can get the user information with the
>
>getUserInfo( )
>
>method.[/color]

Re: JSP/Servlets and URL's

The getUserInfo() method is a method of the URL class, but apparently
there's no way to get a URL object out of a servlet request :-(.

Google told me that

a method from the HttpUtils class should give me the full url but it
doesn't work for me.

On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote:[color=blue]
> What class/package is getUserInfo() in? I viewed the page request over
> port 80 and didn't see the browser transmitting the username/password
> pair.... so I assume that it is inaccesible in an HTTP session. I hope I
> was wrong.[/color]

Re: JSP/Servlets and URL's

"TeCh" <TeCh@spelletje sgarnaal.be> wrote in message news:<pan.2003. 11.10.17.44.54. 821014@spelletj esgarnaal.be>.. .[color=blue]
> The getUserInfo() method is a method of the URL class, but apparently
> there's no way to get a URL object out of a servlet request :-(.
>
> Google told me that
>
> a method from the HttpUtils class should give me the full url but it
> doesn't work for me.
>
> On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote:[color=green]
> > What class/package is getUserInfo() in? I viewed the page request over
> > port 80 and didn't see the browser transmitting the username/password
> > pair.... so I assume that it is inaccesible in an HTTP session. I hope I
> > was wrong.[/color][/color]

Ah, that explains it. I now know what you were proposing. But even
if request.getRequ estURL() (for example) returned a URL object, the
getUserInfo() would have been meaningless. Try this:

import java.io.*;
import java.net.*;

public class test {

public static void main(String args[]) throws Exception {

ServerSocket ssocket = new ServerSocket(80 );
Socket s = ssocket.accept( );

InputStream is = s.getInputStrea m();
int ch = 0;
while ( (ch = is.read()) != -1) {
System.out.prin t((char) ch);
}
}
}


Run it... and then open a browser an type the URL:

http://somepretendusername@localhost

You should see:

GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Notice how "somepretenduse rname" is *nowhere* in the browser-to-client
dialogue? So this portion of the username (and password) portion of a
URL is not passed to a web server in an HTTP exchange. Hence, Java
would have no way to even form a URL object with a working
getUserInfo() from the data above.

This is not a flaw of Java, as I said, it appears to be an issue with
the HTTP specification: even though username/password is a valid
formation of a URL, it isn't being passed by any of the browsers I
have (Mozilla or Internet Explorer). It would have been really useful
to me if it worked, though.

Re: JSP/Servlets and URL's

DaiIchi wrote:
[color=blue]
> "TeCh" <TeCh@spelletje sgarnaal.be> wrote in message
> news:<pan.2003. 11.10.17.44.54. 821014@spelletj esgarnaal.be>.. .[color=green]
>> The getUserInfo() method is a method of the URL class, but apparently
>> there's no way to get a URL object out of a servlet request :-(.
>>
>> Google told me that
>>
>> a method from the HttpUtils class should give me the full url but it
>> doesn't work for me.
>>
>> On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote:[color=darkred]
>> > What class/package is getUserInfo() in? I viewed the page request over
>> > port 80 and didn't see the browser transmitting the username/password
>> > pair.... so I assume that it is inaccesible in an HTTP session. I hope
>> > I was wrong.[/color][/color]
>
> Ah, that explains it. I now know what you were proposing. But even
> if request.getRequ estURL() (for example) returned a URL object, the
> getUserInfo() would have been meaningless. Try this:
>
> import java.io.*;
> import java.net.*;
>
> public class test {
>
> public static void main(String args[]) throws Exception {
>
> ServerSocket ssocket = new ServerSocket(80 );
> Socket s = ssocket.accept( );
>
> InputStream is = s.getInputStrea m();
> int ch = 0;
> while ( (ch = is.read()) != -1) {
> System.out.prin t((char) ch);
> }
> }
> }
>
>
> Run it... and then open a browser an type the URL:
>
> http://somepretendusername@localhost
>
> You should see:
>
> GET / HTTP/1.1
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
> Gecko/20030624
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
> n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
> Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
>
> Notice how "somepretenduse rname" is *nowhere* in the browser-to-client
> dialogue? So this portion of the username (and password) portion of a
> URL is not passed to a web server in an HTTP exchange. Hence, Java
> would have no way to even form a URL object with a working
> getUserInfo() from the data above.
>
> This is not a flaw of Java, as I said, it appears to be an issue with
> the HTTP specification: even though username/password is a valid
> formation of a URL, it isn't being passed by any of the browsers I
> have (Mozilla or Internet Explorer). It would have been really useful
> to me if it worked, though.[/color]

The way this works in HTTP-land is that the page is marked in the server as
password-protected, so it responds to the browser with a demand for
credentials for this "realm". At this point the browser should repeat the
request but with a name and password, and then getUserInfo() should work.

Check the documentation for your JSP software to see how you go about
password-protecting a page. Alternatively, consider passing the
identification info you want some other way, e.g. as a query string
(http://www.acme.com/?dailchi).

--
Chris Gray chris@kiffer.eu net.be

Re: JSP/Servlets and URL's

On Tue, 11 Nov 2003 22:29:50 +0100, chris <chris@kiffer.e unet.be>
wrote:
[color=blue]
>DaiIchi wrote:
>[/color]
.... <<SNIP>>...[color=blue][color=green]
>>
>> Notice how "somepretenduse rname" is *nowhere* in the browser-to-client
>> dialogue? So this portion of the username (and password) portion of a
>> URL is not passed to a web server in an HTTP exchange. Hence, Java
>> would have no way to even form a URL object with a working
>> getUserInfo() from the data above.
>>
>> This is not a flaw of Java, as I said, it appears to be an issue with
>> the HTTP specification: even though username/password is a valid
>> formation of a URL, it isn't being passed by any of the browsers I
>> have (Mozilla or Internet Explorer). It would have been really useful
>> to me if it worked, though.[/color]
>
>The way this works in HTTP-land is that the page is marked in the server as
>password-protected, so it responds to the browser with a demand for
>credentials for this "realm". At this point the browser should repeat the
>request but with a name and password, and then getUserInfo() should work.
>
>Check the documentation for your JSP software to see how you go about
>password-protecting a page. Alternatively, consider passing the
>identificati on info you want some other way, e.g. as a query string
>(http://www.acme.com/?dailchi).[/color]

You're right, of course... but the problem is that I don't *want* to
password protect the page--doing so will make the JSP server make the
determination of whether or not to reject the request. I'd like to
always give access to the request, but let the target .JSP file make
the decision based on the username/password passed in the URL.

Thanks for the help.