While working on the XSS problem,
https://embeddedtst.eecs.berkeley.edu:448/embeddedj/resetpassword.jsp
came up with

    Apache Tomcat/4.0.4 - HTTP Status 404 - /embeddedj/resetpassword.jsp
    type Status report
    message /embeddedj/resetpassword.jsp
    description The requested resource (/embeddedj/resetpassword.jsp) is not available.

catalina.out
said

    org.xml.sax.SAXParseException: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*)".
    2008-12-20 19:01:17 ContextConfig[/embeddedj]: Occurred at line 191 column 11
    2008-12-20 19:01:17 ContextConfig[/embeddedj]: Marking this application unavailable due to previous error(s)
    2008-12-20 19:01:17 StandardContext[/embeddedj]: Error initializing naming context for context /embeddedj
    2008-12-20 19:01:17 StandardContext[/embeddedj]: Context startup failed due to previous errors
    2008-12-20 19:01:17 StandardContext[/embeddedj]: Error initializing naming context for context /embeddedj

However, if I remove the text below from web.xml, then it works again.

    <filter>
      <filter-name>XSS</filter-name>
      <display-name>XSS</display-name>
      <description></description>
      <filter-class>gsrc.util.xssfilter.CrossScriptingFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>XSS</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

It turns out that order matters. Running
xmllint -dtdvalid http://java.sun.com/dtd/web-app_2_3.dtd ~/java/gigascale/WEB-INF/web.xml
yields
/home/www/java/gigascale/WEB-INF/web.xml:9: element web-app: validity error : Element web-app content does not follow the DTD, expecting (icon? , display-name? , description? , distributable? , context-param* , filter* , filter-mapping* , listener* , servlet* , servlet-mapping* , session-config? , mime-mapping* , welcome-file-list? , error-page* , taglib* , resource-env-ref* , resource-ref* , security-constraint* , login-config? , security-role* , env-entry* , ejb-ref* , ejb-local-ref*), got (display-name filter filter-mapping context-param listener servlet servlet servlet servlet servlet servlet servlet-mapping taglib taglib taglib taglib taglib taglib taglib taglib )
Document /home/www/java/gigascale/WEB-INF/web.xml does not validate against http://java.sun.com/dtd/web-app_2_3.dtd
The solution is to put the filter text after the context-param section.
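
An offline version of this check, as an added example that is not part of the original notes: it compares the order of the top-level elements in a web.xml against the content model quoted in the error messages above, so a misplaced filter block is caught before Tomcat marks the application unavailable. The names check_order, reorder and BROKEN, and the sample document, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Child order of <web-app> in the Servlet 2.3 DTD, copied from the content
# model quoted in the SAXParseException and xmllint messages above.
MODEL = ("icon? display-name? description? distributable? context-param* "
         "filter* filter-mapping* listener* servlet* servlet-mapping* "
         "session-config? mime-mapping* welcome-file-list? error-page* "
         "taglib* resource-env-ref* resource-ref* security-constraint* "
         "login-config? security-role* env-entry* ejb-ref* ejb-local-ref*").split()
RANK = {name[:-1]: i for i, name in enumerate(MODEL)}
SINGLE = {name[:-1] for name in MODEL if name.endswith("?")}


def check_order(xml_text):
    """Return a list of problems with the children of <web-app>."""
    problems, seen, highest = [], set(), None
    for child in ET.fromstring(xml_text):
        tag = child.tag
        if tag not in RANK:
            problems.append(f"<{tag}> is not allowed directly under <web-app>")
            continue
        if tag in SINGLE and tag in seen:
            problems.append(f"<{tag}> may appear only once")
        if highest is not None and RANK[tag] < RANK[highest]:
            problems.append(f"<{tag}> must come before <{highest}>")
        else:
            highest = tag
        seen.add(tag)
    return problems


def reorder(xml_text):
    """Return the child tag names stably sorted into DTD order."""
    children = ET.fromstring(xml_text)
    return [c.tag for c in sorted(children, key=lambda c: RANK.get(c.tag, len(MODEL)))]


# Constructed sample: same leading element order as the xmllint "got" list
# above, with shortened contents and placeholder parameter values.
BROKEN = """<web-app>
  <display-name>example</display-name>
  <filter><filter-name>XSS</filter-name>
    <filter-class>gsrc.util.xssfilter.CrossScriptingFilter</filter-class></filter>
  <filter-mapping><filter-name>XSS</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <context-param><param-name>p</param-name><param-value>v</param-value></context-param>
  <listener><listener-class>example.Listener</listener-class></listener>
</web-app>"""

if __name__ == "__main__":
    print(check_order(BROKEN), reorder(BROKEN), sep="\n")
```
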
http://embedded.eecs.berkeley.edu/gsrcj/servlet/WorkshopRegistration?workshopID=2
:

    HTTP Status 404 - /gsrcj/servlet/WorkshopRegistration
    type Status report
    message /gsrcj/servlet/WorkshopRegistration
    description The requested resource (/gsrcj/servlet/WorkshopRegistration) is not available.
    Apache Tomcat/4.1.39-LE-jdk14

Also, catalina.out contained

    0 active IDs

which comes from src_testrelease/javapages/common/gsrc/workshop/WorkshopTheme.java. However, that seems to be a red herring as the code that prints the message is not obviously failing.
The problem was that we were referring to gsrcj instead of embeddedj.
The fix was to edit /home/www/java/embedded/editworkshop.jsp and restart Tomcat.
Also, /home/www/src_testrelease/javapages/embedded/gsrc/workshop/editworkshop.jsp was edited and checked in.