Я унаследовал массу старого веб-кода на Java, изобилующего проблемами безопасности. Я пытаюсь использовать JSTL (c:out), чтобы устранить некоторые проблемы, вызванные выводом через обычный out.println().
Этот веб-код на Java не основан на каком-либо современном фреймворке. По сути, это «сырой» код сервлетов. Он использует веб-сервер Jetty (версия 9.3), который запускается как OSGi-бандл. Веб-интерфейс состоит из нескольких отдельных веб-приложений, развёртываемых в виде файлов .WAR, и я сосредоточусь только на одном из них.
Я включил директиву taglib вверху проблемного файла jsp следующим образом:
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
Когда я в первый раз захожу на страницу JSP, в журнале Jetty вижу следующее:
2019-01-08 20:44:44,606 qtp1697835528-134 WARN org.eclipse.jetty.servlet.ServletHandler -
org.apache.jasper.JasperException: /jsp/applicationsChoice.jsp(1,63) PWC6188: The absolute uri: http://java.sun.com/jsp/jstl/core cannot be resolved in either web.xml or the jar files deployed with this application
at ...
Я видел другие посты на эту тему, в которых говорится, что нужно включить jar-файл JSTL (версия 1.2.x) в каталог WEB-INF/lib веб-приложения. Изначально в этом веб-приложении этого сделано не было. Я добавил его, пересобрал и заново развернул WAR-файл. Тем не менее при переходе на страницу JSP я получаю ту же ошибку / исключение. Я также проверил jar-файлы Jetty, и они содержат множество записей jstl.
Это мое первое знакомство с Java Web Dev, и я нахожусь в тупике от того, что делать или пробовать. Любая помощь будет принята с благодарностью.
Обновление моего вопроса с помощью файла web.xml ... Для справки, я попробовал несколько разных изменений в файле web.xml с помощью
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_5.dtd">
-->
<web-app version="2.5">
<!--
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
-->
<!-- Human-readable name and description of this web application. -->
<display-name>Installation process</display-name>
<description>
This is version 1.0 of the installation process
based on JSP pages.
</description>
<!-- Idle timeout for HTTP sessions; the servlet descriptor expresses this value in minutes. -->
<session-config>
<session-timeout>30</session-timeout> <!-- 30 minutes -->
</session-config>
<!--welcome-file-list>
<welcome-file>jsp/install.jsp</welcome-file>
</welcome-file-list-->
<!-- Route the listed HTTP status codes to application servlets instead of the
container's built-in error output. Only 403, 404, 500 and 503 are mapped; no
exception-type mapping is declared in this file.
NOTE(review): the target servlets are not shown here. If they write any
request-derived text (URI, message) into the page, they need the same output
escaping as the JSPs. -->
<error-page>
<error-code>403</error-code>
<location>/deny</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/notFound</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/internalError</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/serviceUnavail</location>
</error-page>
<!-- Declares Jetty's DefaultServlet (static content) for this context.
dirAllowed=false turns off generated directory listings, so a directory without
a welcome file does not expose its file names. -->
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
<init-param>
<param-name>dirAllowed</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Common error servlets. Each url-pattern below is the location named by one
of the error-page entries of this descriptor (/deny, /notFound, /internalError,
/serviceUnavail). None of these paths falls under a security-constraint in this
file, so they are served without authentication. -->
<servlet>
<servlet-name>Deny</servlet-name>
<servlet-class>com.alcatel.as.webadmin.common.servlet.errors.Deny</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Deny</servlet-name>
<url-pattern>/deny</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>NotFound</servlet-name>
<servlet-class>com.alcatel.as.webadmin.common.servlet.errors.NotFound404</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>NotFound</servlet-name>
<url-pattern>/notFound</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>InternalError</servlet-name>
<servlet-class>com.alcatel.as.webadmin.common.servlet.errors.InternalError500</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>InternalError</servlet-name>
<url-pattern>/internalError</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ServiceUnavail</servlet-name>
<servlet-class>com.alcatel.as.webadmin.common.servlet.errors.ServiceUnavail503</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ServiceUnavail</servlet-name>
<url-pattern>/serviceUnavail</url-pattern>
</servlet-mapping>
<!-- Common login servlet, mapped to /login. The login-config of this descriptor
names /login as both the form login page and the form error page. The path is
outside every security-constraint url-pattern in this file, as a FORM login page
has to be. -->
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>com.alcatel.as.webadmin.common.servlet.login.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<!-- Documentation servlets. The empty load-on-startup element gives no explicit
start order. -->
<servlet>
<servlet-name>Doc</servlet-name>
<servlet-class>com.alcatel_lucent.doc.DocServlet</servlet-class>
<load-on-startup/>
</servlet>
<servlet>
<servlet-name>View</servlet-name>
<servlet-class>com.alcatel_lucent.doc.ViewServlet</servlet-class>
<load-on-startup/>
</servlet>
<!-- URL mappings for the Doc and View servlets declared above.
NOTE(review): both url-patterns lack the leading "/" that the servlet
specification expects for an exact-match pattern, while the documentation
security-constraint in this file names "/doc". Confirm how the container
normalises "doc" and "view".
NOTE(review): no security-constraint in this file names the View servlet's
path. Confirm whether View is meant to be reachable without login. -->
<servlet-mapping>
<servlet-name>Doc</servlet-name>
<url-pattern>doc</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>View</servlet-name>
<url-pattern>view</url-pattern>
</servlet-mapping>
<!-- Role-specific areas. Each constraint lists exact paths (JSP pages, plus /doc
in the documentation area) and has no http-method element, so it applies to
every HTTP method.
Exact-match patterns protect only the paths spelled out here; a page added under
/jsp/ later is covered by the /jsp/* rule alone until it is listed in one of
these areas.
NOTE(review): role "manager" appears in every auth-constraint below but has no
security-role declaration in this file.
NOTE(review): no user-data-constraint / transport-guarantee is present, so this
descriptor does not itself require HTTPS for these pages; check whether the
connector setup enforces it. -->
<security-constraint>
<display-name>Installation Licence Constraint</display-name>
<web-resource-collection>
<web-resource-name>Licence Area</web-resource-name>
<url-pattern>/jsp/licenseSetup.jsp</url-pattern>
<url-pattern>/jsp/licenseSetupS.jsp</url-pattern>
<url-pattern>/jsp/licenseViewer.jsp</url-pattern>
<url-pattern>/jsp/copyLicense.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
<role-name>license</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Installation Add/update products Constraint</display-name>
<web-resource-collection>
<web-resource-name>Product Area</web-resource-name>
<url-pattern>/jsp/applicationsChoice.jsp</url-pattern>
<url-pattern>/jsp/generateIdx.jsp</url-pattern>
<url-pattern>/jsp/updateBase.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
<role-name>product</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Installation slave Constraint</display-name>
<web-resource-collection>
<web-resource-name>slave Area</web-resource-name>
<url-pattern>/jsp/slaveBaseSetup.jsp</url-pattern>
<url-pattern>/jsp/slaveBaseSetupS.jsp</url-pattern>
<url-pattern>/jsp/startSlaveBase.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
<role-name>slavedb</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Installation HA Constraint</display-name>
<web-resource-collection>
<web-resource-name>HA Area</web-resource-name>
<url-pattern>/jsp/haSetup.jsp</url-pattern>
<url-pattern>/jsp/haSetupS.jsp</url-pattern>
<url-pattern>/jsp/haDeploy.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
<role-name>ha</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Installation Add/update hosts Constraint</display-name>
<web-resource-collection>
<web-resource-name>Add/update hosts Area</web-resource-name>
<url-pattern>/jsp/hostsChoice.jsp</url-pattern>
<url-pattern>/jsp/addHost.jsp</url-pattern>
<url-pattern>/jsp/hostsChoiceS.jsp</url-pattern>
<url-pattern>/jsp/discoverSetupS.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
<role-name>hosts</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Installation Documentation Constraint</display-name>
<web-resource-collection>
<web-resource-name>Documentation Area</web-resource-name>
<url-pattern>/jsp/viewDoc.jsp</url-pattern>
<url-pattern>/doc</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
<role-name>docs</role-name>
</auth-constraint>
</security-constraint>
<!-- Catch-all rule for everything under /jsp/. Together with the exact-match
areas of this descriptor, only /jsp/* and /doc are constrained; servlets and
static files outside those patterns are not protected by this file. -->
<security-constraint>
<display-name>Installation Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/jsp/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Role name "*" is the descriptor shorthand for every role declared through
security-role, so an authenticated user holding any declared role passes this rule.
NOTE(review): "manager" is not among the roles declared in this file; confirm
that accounts holding only "manager" still match. -->
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<!-- FORM authentication against the realm "asr-admin". The login page and the
error page are the same servlet path (/login).
NOTE(review): nothing in this descriptor sets a transport-guarantee, so the
submitted credentials are protected in transit only if HTTPS is enforced
elsewhere; verify. -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>asr-admin</realm-name>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login</form-error-page>
</form-login-config>
</login-config>
<!-- Roles declared for this application.
NOTE(review): "manager" is used by the auth-constraints of this descriptor but
is not declared here, and "subadministrator" is declared here but not referenced
by any auth-constraint in this file; confirm both against the role names the
realm actually issues. -->
<security-role>
<role-name>license</role-name>
</security-role>
<security-role>
<role-name>product</role-name>
</security-role>
<security-role>
<role-name>slavedb</role-name>
</security-role>
<security-role>
<role-name>ha</role-name>
</security-role>
<security-role>
<role-name>hosts</role-name>
</security-role>
<security-role>
<role-name>docs</role-name>
</security-role>
<security-role>
<role-name>subadministrator</role-name>
</security-role>
</web-app>
Пожалуйста, имейте в виду, что я не создавал и не структурировал этот проект / код, и я не понимаю, как OSGI взаимодействует с этим, но в родительском каталоге проекта также есть файл webdefault.xml и файл webdoc.xml. Структура каталогов следующая:
../Install/install
-> webdefault.xml
-> webdoc.xml
-> WEB-INF/
-> lib/jstl-1.2.jar (I recently added this here -- doesn't help)
-> web.xml
Вот файлы webdefault.xml и webdoc.xml
webdefault.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- ===================================================================== -->
<!-- Diffs Nokia/Jetty: -->
<!-- -->
<!-- * set default session timeout "-5555" to be able to use the value -->
<!-- of the callout agent as default value -->
<!-- see DistributedSessionManager.defineUseOfDefaultTimeout() -->
<!-- -->
<!-- * JspServlet -->
<!-- development = false -->
<!-- reloading = false -->
<!-- -->
<!-- ===================================================================== -->
<!-- ===================================================================== -->
<!-- This file contains the default descriptor for web applications. -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- The intent of this descriptor is to include jetty specific or common -->
<!-- configuration for all webapps. If a context has a webdefault.xml -->
<!-- descriptor, it is applied before the contexts own web.xml file -->
<!-- -->
<!-- A context may be assigned a default descriptor by: -->
<!-- + Calling WebApplicationContext.setDefaultsDescriptor -->
<!-- + Passed an arg to addWebApplications -->
<!-- -->
<!-- This file is used both as the resource within the jetty.jar (which is -->
<!-- used as the default if no explicit defaults descriptor is set) and it -->
<!-- is copied to the etc directory of the Jetty distro and explicitly -->
<!-- by the jetty.xml file. -->
<!-- -->
<!-- ===================================================================== -->
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
metadata-complete="true"
version="2.5">
<description>
Default web.xml file.
This file is applied to a Web application before it's own WEB_INF/web.xml file
</description>
-- stuff removed for brevity -- unless you think it's important
</web-app>
Вот файл webdoc.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
metadata-complete="true"
version="2.5">
<description>
Default web.xml file.
This file is applied to a Web application before it's own WEB_INF/web.xml file
</description>
<!-- Regular expression over jar file names; judging by the parameter name, jars
that match are left out of TLD (tag library descriptor) scanning.
NOTE(review): presumably inherited from an older Jetty webdefault.xml. Confirm
that the Jetty version in use still reads this parameter before relying on it
while debugging taglib resolution. -->
<context-param>
<param-name>org.eclipse.jetty.webapp.NoTLDJarPattern</param-name>
<param-value>start.jar|ant-.*\.jar|dojo-.*\.jar|jetty-.*\.jar|jsp-api-.*\.jar|junit-.*\.jar|servlet-api-.*\.jar|dnsns\.jar|rt\.jar|jsse\.jar|tools\.jar|sunpkcs11\.jar|sunjce_provider\.jar|xerces.*\.jar</param-value>
</context-param>
<!-- Jasper JSP servlet with development-style settings: development=true,
reloading=true and checkInterval=5 make Jasper look for changed JSPs and
recompile them, keepgenerated=true keeps the generated Java sources, and
logVerbosityLevel is DEBUG. xpoweredBy=false leaves out the X-Powered-By
response header.
NOTE(review): the header comment of webdefault.xml on this page lists
development=false and reloading=false as the vendor's settings; this descriptor
sets both to true. For a deployed admin UI prefer the production values, since
development mode can put more compilation detail into error output. -->
<servlet id="jsp">
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>logVerbosityLevel</param-name>
<param-value>DEBUG</param-value>
</init-param>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>development</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>checkInterval</param-name>
<param-value>5</param-value>
</init-param>
<init-param>
<param-name>reloading</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>keepgenerated</param-name>
<param-value>true</param-value>
</init-param>
<!--
<init-param>
<param-name>classpath</param-name>
<param-value>?</param-value>
</init-param>
-->
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Sends every listed extension, in lower and in upper case, to the JSP servlet.
NOTE(review): the security constraints in web.xml on this page name individual
lower-case .jsp paths; confirm that role checks are anchored on path prefixes
and do not depend on one spelling of a file name. -->
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspf</url-pattern>
<url-pattern>*.jspx</url-pattern>
<url-pattern>*.xsp</url-pattern>
<url-pattern>*.JSP</url-pattern>
<url-pattern>*.JSPF</url-pattern>
<url-pattern>*.JSPX</url-pattern>
<url-pattern>*.XSP</url-pattern>
</servlet-mapping>
<!-- Jetty's dynamic servlet invoker: it dispatches a request to a servlet chosen
by the servlet name or class name taken from the request path, including
servlets that have no declaration of their own. nonContextServlets=false limits
it to classes from this context's class loader. No servlet-mapping for "invoker"
is visible in this excerpt (part of the file was removed by the author).
NOTE(review): servlets reached through the invoker are not matched by the
per-URL security constraints written for their declared mappings. Unless
something depends on it, remove this servlet or leave it unmapped.
NOTE(review): dynamicParam/anyValue looks like the sample init parameter from
Jetty's stock configuration; confirm nothing reads it. -->
<servlet>
<servlet-name>invoker</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.Invoker</servlet-class>
<init-param>
<param-name>verbose</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>nonContextServlets</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>dynamicParam</param-name>
<param-value>anyValue</param-value>
</init-param>
<load-on-startup>0</load-on-startup>
</servlet>
.. some constraint stuff and other miscellaneous stuff removed for brevity ..
</web-app>