[Geoserver-devel] Opening the META-INF/web.xml

Hi guys, need some hints.

I am working on a security improvement for using J2EE roles. The idea is to introduce a new read only role service. The service should extract the roles from web.xml.

I am unsure about the best way to open the web.xml for parsing.

Thanks for your help, a code snippet would be nice :slight_smile:

Christian

Hmmm… not sure this is doable in a robust way across container implementations. The servlet api itself is the mechanism meant to convey info from the web.xml to the application. But of course it doesn’t give you everything.

http://stackoverflow.com/questions/520467/how-to-read-the-web-xml-from-a-webapp

On Fri, Jan 4, 2013 at 6:09 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Hi guys, need some hints.

I am working on a security improvement for using J2EE roles. The idea is to introduce a new read only role service. The service should extract the roles from web.xml.

I am unsure about the best way to open the web.xml for parsing.

Thanks for your help, a code snippet would be nice :slight_smile:

Christian


Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only – learn more at:
http://p.sf.net/sfu/learnmore_122812


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

Testing with Jetty, I had success with

GeoServerResourceLoader loader = (GeoServerResourceLoader) GeoServerExtensions.bean(“resourceLoader”);
File webXML = loader.find( “web.xml” );

I will check on tomcat too.

2013/1/4 Justin Deoliveira <jdeolive@anonymised.com501…>

Hmmm… not sure this is doable in a robust way across container implementations. The servlet api itself is the mechanism meant to convey info from the web.xml to the application. But of course it doesn’t give you everything.

http://stackoverflow.com/questions/520467/how-to-read-the-web-xml-from-a-webapp

On Fri, Jan 4, 2013 at 6:09 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Hi guys, need some hints.

I am working on a security improvement for using J2EE roles. The idea is to introduce a new read only role service. The service should extract the roles from web.xml.

I am unsure about the best way to open the web.xml for parsing.

Thanks for your help, a code snippet would be nice :slight_smile:

Christian


Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only – learn more at:
http://p.sf.net/sfu/learnmore_122812


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

The code snippet in my previous mail works with tomcat too. I will use it.

2013/1/5 Christian Mueller <mcrmcr21@anonymised.com.403…>

Testing with Jetty, I had success with

GeoServerResourceLoader loader = (GeoServerResourceLoader) GeoServerExtensions.bean(“resourceLoader”);
File webXML = loader.find( “web.xml” );

I will check on tomcat too.

2013/1/4 Justin Deoliveira <jdeolive@anonymised.com501…>

Hmmm… not sure this is doable in a robust way across container implementations. The servlet api itself is the mechanism meant to convey info from the web.xml to the application. But of course it doesn’t give you everything.

http://stackoverflow.com/questions/520467/how-to-read-the-web-xml-from-a-webapp

On Fri, Jan 4, 2013 at 6:09 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Hi guys, need some hints.

I am working on a security improvement for using J2EE roles. The idea is to introduce a new read only role service. The service should extract the roles from web.xml.

I am unsure about the best way to open the web.xml for parsing.

Thanks for your help, a code snippet would be nice :slight_smile:

Christian


Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only – learn more at:
http://p.sf.net/sfu/learnmore_122812


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

I wonder if this is considered a mal practice… also jetty and tomcat are a pretty limited set of containers to test on. Will this code be local to an extension or community module? Or in the core security module?

···

On Fri, Jan 11, 2013 at 3:21 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

The code snippet in my previous mail works with tomcat too. I will use it.

2013/1/5 Christian Mueller <mcrmcr21@anonymised.com>

Testing with Jetty, I had success with

GeoServerResourceLoader loader = (GeoServerResourceLoader) GeoServerExtensions.bean(“resourceLoader”);
File webXML = loader.find( “web.xml” );

I will check on tomcat too.

2013/1/4 Justin Deoliveira <jdeolive@anonymised.com501…>

Hmmm… not sure this is doable in a robust way across container implementations. The servlet api itself is the mechanism meant to convey info from the web.xml to the application. But of course it doesn’t give you everything.

http://stackoverflow.com/questions/520467/how-to-read-the-web-xml-from-a-webapp

On Fri, Jan 4, 2013 at 6:09 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Hi guys, need some hints.

I am working on a security improvement for using J2EE roles. The idea is to introduce a new read only role service. The service should extract the roles from web.xml.

I am unsure about the best way to open the web.xml for parsing.

Thanks for your help, a code snippet would be nice :slight_smile:

Christian


Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only – learn more at:
http://p.sf.net/sfu/learnmore_122812


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

Ahh, I see the title of the thread is wrong. It should be WEB-INF/web.xml, not META-INF/web.xml

AFAIK, the WEB-INF directory is place for files to be used by the container internally (not accessible from web clients). As an example, CAS is putting all its config files in this directory.

Please have a look at
http://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html

method: getResourcePaths

I think a call like ServletContext–>getResource(“/WEB-INF/web.xml”) is ok.

This code is in the core module because the intension is to support the J2EE authentication filter which is in the core module too.

Christian

2013/1/11 Justin Deoliveira <jdeolive@anonymised.com>

···

On Fri, Jan 11, 2013 at 3:21 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

The code snippet in my previous mail works with tomcat too. I will use it.

2013/1/5 Christian Mueller <mcrmcr21@anonymised.com>

Testing with Jetty, I had success with

GeoServerResourceLoader loader = (GeoServerResourceLoader) GeoServerExtensions.bean(“resourceLoader”);
File webXML = loader.find( “web.xml” );

I will check on tomcat too.

2013/1/4 Justin Deoliveira <jdeolive@anonymised.com501…>

Hmmm… not sure this is doable in a robust way across container implementations. The servlet api itself is the mechanism meant to convey info from the web.xml to the application. But of course it doesn’t give you everything.

http://stackoverflow.com/questions/520467/how-to-read-the-web-xml-from-a-webapp

On Fri, Jan 4, 2013 at 6:09 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Hi guys, need some hints.

I am working on a security improvement for using J2EE roles. The idea is to introduce a new read only role service. The service should extract the roles from web.xml.

I am unsure about the best way to open the web.xml for parsing.

Thanks for your help, a code snippet would be nice :slight_smile:

Christian


Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only – learn more at:
http://p.sf.net/sfu/learnmore_122812


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.