JSP/Servlets and URL's

On 8 Nov 2003 07:31:22 -0800, da*****@googlenews.test.xhome.us
(DaiIchi) wrote:

When someone accesses my website with a URL like
http://ww**********@myreal.website.com, I want to be able to access
the full URL. I can't seem to find a way to do this... is it
possible?

For reference: request.getRequestURL() for the above URL will return
"http://myreal.website.com" thus losing the "www.ebay.com" part. I
need a way of getting the exact requested URL.

Never mind. I found the answer to my problem: it cannot be done.
It's not a fault of the JSP (or Java) design. Although the above URL
is, by BNF definition, a valid URL, the browser only sends a "GET /"
with a "Host: myreal.website.com" -- which means that the extraneous
text "www.ebay.com" is lost.

Oh well, back to the drawing board.

On Sat, 08 Nov 2003 07:31:22 -0800, DaiIchi wrote:

When someone accesses my website with a URL like
http://ww**********@myreal.website.com, I want to be able to access
the full URL. I can't seem to find a way to do this... is it
possible?

For reference: request.getRequestURL() for the above URL will return
"http://myreal.website.com" thus losing the "www.ebay.com" part. I
need a way of getting the exact requested URL.

the part before the @ is the username part. it can contain for ex a
username and password to access an ftp site.

You can get the user information with the

getUserInfo()

method.

What class/package is getUserInfo() in? I viewed the page request
over port 80 and didn't see the browser transmitting the
username/password pair.... so I assume that it is inaccesible in an
HTTP session. I hope I was wrong.
On Sun, 09 Nov 2003 18:18:20 +0100, "TeCh" <Te**@spelletjesgarnaal.be>
wrote:

On Sat, 08 Nov 2003 07:31:22 -0800, DaiIchi wrote:

When someone accesses my website with a URL like
http://ww**********@myreal.website.com, I want to be able to access
the full URL. I can't seem to find a way to do this... is it
possible?

For reference: request.getRequestURL() for the above URL will return
"http://myreal.website.com" thus losing the "www.ebay.com" part. I
need a way of getting the exact requested URL.

the part before the @ is the username part. it can contain for ex a
username and password to access an ftp site.

You can get the user information with the

getUserInfo()

method.

The getUserInfo() method is a method of the URL class, but apparently
there's no way to get a URL object out of a servlet request :-(.

Google told me that

a method from the HttpUtils class should give me the full url but it
doesn't work for me.

On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote:

What class/package is getUserInfo() in? I viewed the page request over
port 80 and didn't see the browser transmitting the username/password
pair.... so I assume that it is inaccesible in an HTTP session. I hope I
was wrong.

"TeCh" <Te**@spelletjesgarnaal.be> wrote in message news:<pa****************************@spelletjesgar naal.be>...

The getUserInfo() method is a method of the URL class, but apparently
there's no way to get a URL object out of a servlet request :-(.

Google told me that

a method from the HttpUtils class should give me the full url but it
doesn't work for me.

On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote:

What class/package is getUserInfo() in? I viewed the page request over
port 80 and didn't see the browser transmitting the username/password
pair.... so I assume that it is inaccesible in an HTTP session. I hope I
was wrong.

Ah, that explains it. I now know what you were proposing. But even
if request.getRequestURL() (for example) returned a URL object, the
getUserInfo() would have been meaningless. Try this:

import java.io.*;
import java.net.*;

public class test {

public static void main(String args[]) throws Exception {

ServerSocket ssocket = new ServerSocket(80);
Socket s = ssocket.accept();

InputStream is = s.getInputStream();
int ch = 0;
while ( (ch = is.read()) != -1) {
System.out.print((char) ch);
}
}
}
Run it... and then open a browser an type the URL:

http://somepretendusername@localhost

You should see:

GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Notice how "somepretendusername" is *nowhere* in the browser-to-client
dialogue? So this portion of the username (and password) portion of a
URL is not passed to a web server in an HTTP exchange. Hence, Java
would have no way to even form a URL object with a working
getUserInfo() from the data above.

This is not a flaw of Java, as I said, it appears to be an issue with
the HTTP specification: even though username/password is a valid
formation of a URL, it isn't being passed by any of the browsers I
have (Mozilla or Internet Explorer). It would have been really useful
to me if it worked, though.

DaiIchi wrote:

"TeCh" <Te**@spelletjesgarnaal.be> wrote in message
news:<pa****************************@spelletjesgar naal.be>...

The getUserInfo() method is a method of the URL class, but apparently
there's no way to get a URL object out of a servlet request :-(.

Google told me that

a method from the HttpUtils class should give me the full url but it
doesn't work for me.

On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote:

> What class/package is getUserInfo() in? I viewed the page request over
> port 80 and didn't see the browser transmitting the username/password
> pair.... so I assume that it is inaccesible in an HTTP session. I hope
> I was wrong.

Ah, that explains it. I now know what you were proposing. But even
if request.getRequestURL() (for example) returned a URL object, the
getUserInfo() would have been meaningless. Try this:

import java.io.*;
import java.net.*;

public class test {

public static void main(String args[]) throws Exception {

ServerSocket ssocket = new ServerSocket(80);
Socket s = ssocket.accept();

InputStream is = s.getInputStream();
int ch = 0;
while ( (ch = is.read()) != -1) {
System.out.print((char) ch);
}
}
}
Run it... and then open a browser an type the URL:

http://somepretendusername@localhost

You should see:

GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Notice how "somepretendusername" is *nowhere* in the browser-to-client
dialogue? So this portion of the username (and password) portion of a
URL is not passed to a web server in an HTTP exchange. Hence, Java
would have no way to even form a URL object with a working
getUserInfo() from the data above.

This is not a flaw of Java, as I said, it appears to be an issue with
the HTTP specification: even though username/password is a valid
formation of a URL, it isn't being passed by any of the browsers I
have (Mozilla or Internet Explorer). It would have been really useful
to me if it worked, though.

The way this works in HTTP-land is that the page is marked in the server as
password-protected, so it responds to the browser with a demand for
credentials for this "realm". At this point the browser should repeat the
request but with a name and password, and then getUserInfo() should work.

Check the documentation for your JSP software to see how you go about
password-protecting a page. Alternatively, consider passing the
identification info you want some other way, e.g. as a query string
(http://www.acme.com/?dailchi).

--
Chris Gray ch***@kiffer.eunet.be

On Tue, 11 Nov 2003 22:29:50 +0100, chris <ch***@kiffer.eunet.be>
wrote:

DaiIchi wrote:

.... <<SNIP>>...

Notice how "somepretendusername" is *nowhere* in the browser-to-client
dialogue? So this portion of the username (and password) portion of a
URL is not passed to a web server in an HTTP exchange. Hence, Java
would have no way to even form a URL object with a working
getUserInfo() from the data above.

This is not a flaw of Java, as I said, it appears to be an issue with
the HTTP specification: even though username/password is a valid
formation of a URL, it isn't being passed by any of the browsers I
have (Mozilla or Internet Explorer). It would have been really useful
to me if it worked, though.

The way this works in HTTP-land is that the page is marked in the server as
password-protected, so it responds to the browser with a demand for
credentials for this "realm". At this point the browser should repeat the
request but with a name and password, and then getUserInfo() should work.

Check the documentation for your JSP software to see how you go about
password-protecting a page. Alternatively, consider passing the
identification info you want some other way, e.g. as a query string
(http://www.acme.com/?dailchi).

You're right, of course... but the problem is that I don't *want* to
password protect the page--doing so will make the JSP server make the
determination of whether or not to reject the request. I'd like to
always give access to the request, but let the target .JSP file make
the decision based on the username/password passed in the URL.

Thanks for the help.