This is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>SnoopServlet</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<description></description>
<display-name>MySnoopServlet</display-name>
<servlet-name>MySnoopServlet</servlet-name>
<servlet-class>MySnoopServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MySnoopServlet</servlet-name>
<url-pattern>/MySnoopServlet</url-pattern>
</servlet-mapping>
</web-app>
This is the weblogic.xml:
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.9/weblogic-web-app.xsd">
<wls:weblogic-version>12.2.1.2</wls:weblogic-version>
<wls:context-root>SnoopServlet</wls:context-root>
</wls:weblogic-web-app>
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@SuppressWarnings("serial")
public class MySnoopServlet extends HttpServlet
{
public int mycount = 0;
public MySnoopServlet()
{
}
public void destroy()
{
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
mycount+=1;
HttpSession session;
PrintWriter out;
response.setContentType("text/html");
session = request.getSession();
out = response.getWriter();
try {
out.println("<html>");
out.println("<head><title>SnoopServlet</title></head>");
out.println("<body text='#ffffff' bgcolor='#666699' link='#ffffff' vlink='#ffffff' alink='#ffffff'>");
out.println("<p>The servlet has received a GET. This is the reply.</p>");
out.flush();
out.print("<p>Request");
out.print("<br>Principal = " + request.getUserPrincipal());
out.print("<br>URL = " + request.getRequestURL().toString());
out.print("<br>AuthType = " + request.getAuthType());
out.print("<br>RemoteUser = " + request.getRemoteUser());
out.print("<br>ServerName = " + System.getProperty("weblogic.Name"));
out.print("<br>SessionID = " + session.getId());
out.println("<br><hr> <br>");
Enumeration enum1 = request.getHeaderNames();
out.print("<p>Header");
String item;
for(; enum1.hasMoreElements(); out.print("<br>" + item + "=" + request.getHeader(item)))
item = (String)enum1.nextElement();
out.flush();
out.println("<br><hr> <br>");
out.print("<p>Attributes");
for(enum1 = request.getAttributeNames(); enum1.hasMoreElements(); out.print("<br>" + item + "=" + request.getAttribute(item)))
item = (String)enum1.nextElement();
out.flush();
out.println("<br><hr> <br>");
out.print("<p>Parameters");
for(enum1 = request.getParameterNames(); enum1.hasMoreElements(); out.print("<br>" + item + "=" + request.getParameter(item)))
item = (String)enum1.nextElement();
out.println("<br><hr> <br>");
out.flush();
}
catch (Throwable th) {
out.print("<pre>");
th.printStackTrace();
th.printStackTrace(out);
out.print("</pre>");
}
finally {
out.println("</body></html>");
}
return;
}
public void init()
throws ServletException
{
}
}
http://localhost:7001/SnoopServlet/MySnoopServlet?pippo=pluto
The servlet has received a GET. This is the reply. Request Principal = null URL = http://192.168.56.1:7001/SnoopServlet/MySnoopServlet AuthType = null RemoteUser = null ServerName = AdminServer SessionID = MHcJQYLAVotakdRTZ2rAwUj_sRjWlQ3Bui-_d50iyOJwAwNJW6B2!837838669!1486213972672 Header Host=192.168.56.1:7001 User-Agent=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language=en-US,en;q=0.5 Accept-Encoding=gzip, deflate Cookie=JSESSIONID=MowJK_Z1Wj2l48jsHZqf21DItW3tklujnqPmzh6Uj9vnI9CEtDfX!-1767948456 Connection=keep-alive Upgrade-Insecure-Requests=1 Attributes Parameters pippo=pluto
The JSP can be found in $WL_HOME/samples/server/examples/src/examples/security/sslclient/src/main/webapp/SnoopServlet.jsp
<!-- Copyright (c) 1999,2015, Oracle and/or its affiliates. All Rights Reserved.-->
<%@ page import="java.util.Enumeration,
java.io.PrintWriter"%>
<%!
/**
* <p>This helper method can be used to help prevent Cross Site Scripting
* vulnerabilities. Any Servlet or JSP which sends user input (eg.
* query parameters in HTTP requests) to be rendered into a user's browser
* needs to use this method to encode the user input. This ensures that any
* HTML in their input (either malicious or otherwise) is not executed by
* the browser. This is achieved by converting characters to their HTML
* escaped form. For example, '&' is converted to '&amp;'.
* <p>
* A full description of Cross Site Scripting (XSS) vulnerabilities can
* be found at
* <a href="http://www.cert.org/tech_tips/malicious_code_mitigation.html">
* http://www.cert.org/tech_tips/malicious_code_mitigation.html</a>.
*
* @param str
*/
public String encodeXSS(String str) {
return weblogic.servlet.security.Utils.encodeXSS(str);
}
%>
<%
try {
%>
<p>
This servlet returns information about the HTTP request
itself. You can modify this servlet to take this information
and store it elsewhere for your HTTP server records. This
servlet is also useful for debugging.
</p>
<h3>
Servlet Spec Version Implemented
</h3>
<pre>
<%= getServletConfig().getServletContext().getMajorVersion() + "." + getServletConfig().getServletContext().getMinorVersion() %>
</pre>
<h3>
Requested URL
</h3>
<pre>
<%= request.getRequestURL().toString() %>
</pre>
<h3>
Request parameters
</h3>
<pre>
<%
Enumeration enum_ = request.getParameterNames();
while(enum_.hasMoreElements()){
String key = (String)enum_.nextElement();
String[] paramValues = request.getParameterValues(key);
for(int i=0;i < paramValues.length;i++){
out.println(key + " : " + encodeXSS(paramValues[i]));
}
}
%>
</pre>
<h3>
Request information
</h3>
<pre>
Request Method: <%= request.getMethod() %>
Request URI: <%= request.getRequestURI() %>
Request Protocol: <%= request.getProtocol() %>
Servlet Path: <%= request.getServletPath() %>
Path Info: <%= request.getPathInfo() %>
Path Translated: <%= request.getPathTranslated() %>
Query String: <%= encodeXSS(request.getQueryString()) %>
Content Length: <%= request.getContentLength() %>
Content Type: <%= request.getContentType() %>
Server Name: <%= request.getServerName() %>
Server Port: <%= request.getServerPort() %>
Remote User: <%= request.getRemoteUser() %>
Remote Address: <%= request.getRemoteAddr() %>
Remote Host: <%= request.getRemoteHost() %>
Authorization Scheme: <%= request.getAuthType() %>
</pre>
<h3>Certificate Information</h3>
<pre>
<%
java.security.cert.X509Certificate certs [];
certs = (java.security.cert.X509Certificate [])
request.getAttribute("javax.servlet.request.X509Certificate");
if ((certs != null) && (certs.length > 0)) {
%>
Subject Name : <%= certs[0].getSubjectDN().getName() %> <br>
Issuer Name :<%= certs[0].getIssuerDN().getName() %> <br>
Certificate Chain Length : <%= certs.length %> <br>
<%
// List the Certificate chain
for (int i=0; i<certs.length;i++) {
%> Certificate[<%= i %>] : <%= certs[i].toString() %>
<%
} // end of for loop
}
else // certs==null
{
%>
Not using SSL or client certificate not required.
<%
} // end of else
%>
</pre>
<h3>
Request headers
</h3>
<pre>
<%
enum_ = request.getHeaderNames();
while (enum_.hasMoreElements()) {
String name = (String)enum_.nextElement();
out.println(name + ": " +encodeXSS(request.getHeader(name)));
}
%>
</pre>
</td>
</tr>
<%
}
catch (Exception ex) {
ex.printStackTrace(new PrintWriter(out));
}
%>
http://localhost:7001/SnoopServlet/SnoopServlet.jsp
No comments:
Post a Comment