.htaccess in Detail

What is .htacces file?

.htaccess are files (or “distributed configuration files”) which provide a way to make configuration changes on a per-directory basis.

With the use of .htaccess file we can acheive the  below tasks.
make password product, redirect, script enable, index listing, index file.

Is it safe?

There are two main reasons to avoid the use of .htaccess files.

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.

Further note that Apache must look for .htaccess files in all higher-level directories, in order to have a full complement of directives that it must apply. (See section on how directives are applied.) Thus, if a file is requested out of a directory /www/htdocs/example, Apache must look for the following files:

/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess

And so, for each file access out of that directory, there are 4 additional file-system accesses, even if none of those files are present. (Note that this would only be the case if .htaccess files were enabled for /, which is not usually the case.)

The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Note also that giving users less privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save yourself a lot of confusion later.

To enable .htaccess, change the AllowOverride option in the apache conf file accordingly

Instead of All we can give Options FileInfo, AuthConfig, Limit and None

The default filename is .htaccess. If we want to change change in the apache httpd.conf file as below.

If you changed the above settings .htaccess enabled. So now place a file with name .htaccess (or any given name) in the web server root directory.

Before processing that directory apache will look for a file named .htaccess there before doing any processing. If parent directory  and sub directory contains same configuration info for sub directory sub directory configuration will be taken.

Useful commands

If file not found error occurred in the directory we can set the default error page to something.

As mentioned above we can apply the same concept for other error codes also. For example 500 for internal server error, 403 for access denied.

To disable directory indexes inside the directory add below line to .htaccess file

To allow particulat ip address add below code

[ Range can also possible like 000.000.000.000,192.168.000.000 ]

To deny particular ip address

[ Range can also possible like 000.000.000.000,192.168.000.000 ]

To deny from all

To specify index file for each folder

Apache will look from left to right, So if index.html not found it will look for index.jsp then index.php

Also we can redirect a particular directory or particular file to another path/file in the same server or on any other server. See below

To Redirect file/path

While doing redirect the additional info in the path will be kept as it is. For example after  Redirect /test http://www.google.com/test  if we type  www.oldurl.com/test/filepath/file.png  it will go to www.google.com/test/filepath/file.png

To protect a directory with password add below code

To add the password and user details to .htpasswd file use the htpasswd command as below.

To access the path via script directly with password try with http://rajesh:rajesh123@localhost/test

Find the options available with htpasswd command to create password below.

-b    Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line.

-c    Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.

-n    Display the results on standard output rather than updating a file. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores. This option changes the syntax of the command line, since the passwdfile argument (usually the first one) is omitted. It cannot be combined with the -c option.

-m    Use MD5 encryption for passwords. This is the default (since version 2.2.18).

-d    Use crypt() encryption for passwords. This is not supported by the httpd server on Windows and Netware and TPF. This algorithm limits the password length to 8 characters. This algorithm is insecure by today’s standards. It used to be the default algorithm until version 2.2.17.

-s    Use SHA encryption for passwords. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif).

-p    Use plaintext passwords. Though htpasswd will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows, Netware and TPF.

-D    Delete user. If the username exists in the specified htpasswd file, it will be deleted.

passwdfile    Name of the file to contain the user name and password. If -c is given, this file is created if it does not already exist, or rewritten and truncated if it does exist.

username    The username to create or update in passwdfile. If username does not exist in this file, an entry is added. If it does exist, the password is changed.

password    The plaintext password to be encrypted and stored in the file. Only used with the -b flag.

Posted in .htaccess | Tagged , | Leave a comment

Struts2 Tutorial Part 5 – Namespaces

In this session we will discuss about Struts2 namespaces.Struts2 namespaces are the Namespaces of the URL accessed.

For example if a user types types a URL  http://www.learnerandtutor.com/struts2/actions/method.action  in that  /struts2/action  is namespace and  method.action  is the action name.

While naming a namespace we have to keep the below points in mind.

  • A namespace will be like “/path1/subpath”, “/path2/path3/sub1”.
  • A namespace can also be root namespace. (i.e) namespace=”/”. But it is exactly like normal namespace. The URL should match for it.
  • For example if the url is “www.learner.com/rajesh.action” it will go to root namespace. If the url is “www.learner.com/path1/subpath” it will go to “/path1/subpath” namespace.
  • We can also create default namespace where we can put default actions. That means if the requested action is not found in any specific namespaces then the control will look for that action inside the default namespace. The default namespace syntax will be

One useful example of this default is we can handle all the unknown requests with the the simple setup like below.

What we done is, if any requested action is not found simply responding with error page instead of file not found error. That’s why we put the action name as *. So even if the user types an action name asdasdasd it will respond with error.jsp . Even we can use wild card characters also in action name. In later chapters we will work on wild char characters in action names.

Posted in Struts2 | Tagged , | 1 Comment

Struts2 Tutorial Part 4 – Packages

In this tutorial session we will discuss about struts 2 packages.Struts 2 packages are like java packages where actions can be grouped together. See a sample package below.

We can provide four parameters with package declaration.

    1. name        –        Name of the package (required)
    2. namespace   –   Namespace for the actions in the package
    3. extends     –      Parent package to inherit
    4. abstract    –       If true this package will only be used to define inheritable components not actions. (Discuss in detail later)
  • The main use of packages are we can group similar actions together.
  • We can inherit one packages options to another one simply by extending it.
  • An example is we can group all the actions that required authentication, then by adding particular rule for that package alone we can control the unauthorized access.

Most of the Struts 2 Framework default classes and functionality methods are grouped into packages. We can make use of those by simply extend it. See our example code above, we extended the “struts-default” package where major struts 2 default implementations are available.

Posted in Struts2 | Tagged , | Leave a comment

Struts2 Tutorial Part 3 – Actions 2

In this tutorial session we will create a simple struts 2 application to understand the complete flow of an action. If you want to know the clear picture about Struts2 action see our action post 1 here. If you want to get clear idea over struts 2 from the beginning please refer the below posts.

Struts2 Introduction
Struts2 HelloWorld Application
Struts2 Tutorial Part 3 – Actions 1

While develop our application, we will discuss about the details of each configuration parameter. First we have to create the home.jsp file which is the first page of the application. See the code below.

home.jsp

We created a simple jsp file with struts2 UI tags. We will learn about Struts2 UI tags later. As of now just keep in mind struts2 tags are like normal html tags with more functionalists. So for clear understanding consider  <s:form>  as normal  <form>  tag,  <s:textfield>  as normal  <input type='text'>  tag and so.So when we fill and submit the form it will submit the data to the url welcome.

Next we will create another jsp page where we will display the name and city what we entered in the home.jsp. See the code below.

welcome.jsp

Here also we used struts2 UI  tag <s:property> . It is used to retrieve the value from the OGNL stack where all the variables are stored. We will see about the Struts2 UI tags and OGNL stack later. As of now assume it will return the respective values.

Next we will create our struts.xml file which is the configuration file, See the code below.

struts.xml

See the web.xml file below.

web.xml

Finally see our java file where we have our business logic.

Welcome.java

That’s all the files needs to be created. Now we will discuss the workflow of this application to understand actions clearly. At first when the user types  http://localhost:8080/Struts2Action/  in the browser the control will go the web.xml file as we discussed in the previous chapter. In web.xml we never mentioned any index files. But we mentioned a filter to all the incoming requests.

So the control will go to the filter class. We no need to worry abouth these portions. These are all implemented by the framework itself.  Just for understanding I am explaining this.

Then the framework will look for struts.xml file. Then as we typed simply the application name alone it will look for the action with emty name. In our struts.xml file we have a action with name emty. So the framework will render the page home.jsp to the browser.

Here one important think we have to note is before sending the page to browser the framework will replace all struts2 UI tags by corresponding html tags. To understand this after the home.jsp is rendered on the browser see the source code of the page.

After rendering the page the page source code will look like below one.

Then  as in the home page we have to enter the name,city then submit the form. As we mentioned the data to the url welcome.action the control will look for it. So the request will be http://localhost:8080/Struts2Action/welcome.action . As usual the control will look for an action with name ‘welcome’. Once it identifies it will execute the corresponding class to it.

As we discussed all action methods should return a string value. Once that method returned a string value, the matching result tag will be rendered to the user. In our class com.rajesh.struts2.Welcome method welcome() we returned ‘success’ string. So welcome.jsp will be rendered to the user. If suppose our method returns string ‘error’ then the error.jsp will be rendered. If no name attribute is defined with the result tag ‘success’ will be taken as default value.

Note:

In our previous action with empty name we never mentioned any class name. Just remember that the class attribute of the action is an optional one (Discussed in previous chapter). If no class is specified it will take the result as ‘success’ by default

Another attribute for the action tag is method name. See our action welcome.

We mentioned the method name as welcome(). If we don’t specify the method name the control will look for method with name execute() inside the action class.

What is the use of this?

The main reason is we can have multiple methods inside a single class. In that situation we can mention the method name, Otherwise we can simply use the same method name execute(). Anyway it is upto us to decide.

With this knowledge we will look back our initial action with empty name “”. We never mentioned the class to it. So it will take ‘success’ by default. Then it will look for result tage with name ‘success’. We never mentioned that also. So there also it will take ‘success’ by default. Then both matches, result page rendered.

Another one important think we have to know what are all the background functions are running, while we call particular action. By default before running any action methods Struts 2 have a set of methods to run. Those are all called interceptors. We will discuss about interceptors in another chapter. As for now kepp in mind before running any action Struts 2 framework executing some methods.

With the above point in mind we will see about how the data from home page is getting travelled to the result page. As I said before running the action method the struts 2 will look for the methods to pass the data from the html form to server.

We will see this with an example. In our home.jsp we have to major data containing fields name and city.

So after we submit the data to the server the struts2 framework will look for the method setName() and setCity(). (i.e.) By default adding the word get infront of the field name and adding the field name starts with capital letter.

Now to understand this see our Welcome.java methods.

We have to methods setName() and setCity(). So those will get executed before the action method executes. For each url access a new instance of the class will be created. So when multiple user opens the URL it will not affect one another.

All the variables related to one session will be stored in a common stack called OGNL. So from any portion of the application we can get the value for the variables.

In the same way in our welcome.jsp the tags  <s:property value="name" />  and  <s:property value="city" />  will call getName() and getCity() methods.

Another one important think is all theses processes are happening in the server side. So only the replaced final html file will be sent back to the user. (i.e)The UI tags will not be visible at the user end.
action-post32
action-post31

With this we will complete this session on Struts 2 action. We will continue with action-packages and namespaces in our next session.

I have created a complete and simple .war file with source code for the example we discussed. Download and just place under Apache web apps folder and run.

If you have any issues while execution post in comments or send mail to rajeshmepco@gmail.com.

Posted in Struts2 | Tagged , , | Leave a comment

How to make apache server listen on particular port ?

Apache can be made to listen to a particular port/ip address using Listen directive.

Syntax :
Listen [IP_Address:]Port

Examples :
Listen 0.0.0.0:80
Listen 80
Listen 127.0.0.1:80
Listen 191.20.20.21:8000

  • Listen directive tells the server to listen for http request on the specified port or IP address (the number of IP’s for a machine depends upon the number of Network Interface Cards) and port combinations.
  • If only port number is specified the server listens to the given port on all Network Interfaces.
  • If both IP address and port is given, the server will listen on the given port and interface.
  • Multiple Listen directives can be used to specify a number of addresses and ports to listen on.
  • The server will respond to requests from any of the listed addresses and ports.

For example, to make the server accept connections on both port 80 and port 8080, on all interfaces, use:

Listen 80
Listen 8080

To make the server accept connections on port 80 for one interface, and port 8080 on another, use

Listen 191.20.20.20:80
Listen 191.20.20.21:8000

Note :

  1. The number of IP’s for a machine depends upon the number of Network Interface Cards(NIC). If a machine has 2 NIC’s installed, then it can have 2 IP’s.
  2. The IP address 0.0.0.0 means “every IP that the computer provides”.
  3. The IP address 127.0.0.1 is computer’s loopback address.
  4. Network IP addresses like 127.0.0.1 do not reach outside, but are re-routed by the computer’s own network adapter back to the TCP/IP stack.
  5. To get all listening tcp port one can use the command netstat -lntp, l – listening port, n – print numeric IP address, t – list only tcp socket, p – print process ID.
Posted in Apache | Tagged , , | Leave a comment

Struts2 Tutorial Part 3 – Actions 1

In this tutorial session we will see the important key aspects of Struts2 Actions. If you want to get clear idea over struts 2 from the beginning please refer the below posts.

Struts2 Introduction
Struts2 HelloWorld Application

In nutshell, Struts2 actions are string returning java methods. Those methods are organized in a effective way for Struts2 Framework. See a sample action below.

The above method is a valid struts2 action. So in short, any java method returns a string can be a struts2 action.

Actions mainly do three thinks.

  1. Action Encapsulates the unit of work. (i.e) The real code logic for the application will be here.
  2. Action returns control string to decide the result page. (i.e) Based on the result string from the action only the framework will decide which page to load (will explain later)
  3. Action is the place where data transfer is happening. (will explain later)

So now we want to know how the framework executes the correct java method when request arrives. Here we take tomcat apache as our example server where our application is running. If suppose the user types the url  http://localhost:8080/Struts2Action  in the browser it will come to the application server (i.e) here tomcat.  Then the application server look for the application Struts2Action in its webapps folder.

Once it identifies it will look for web.xml file inside the application WEB_INF folder.Once it finds the web.xml it will read and execute based on that file.

As I explained in the HelloWorld Application the web.xml will redirect all the requests it receives to struts filter (For Struts2 only; not all). Because we added a filter to all the requests. See a sample web.xml below.

So here we redirected all the requests to org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter filter class. So the control will go to the org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter class. That class takes struts.xml as it’s configuration. So it will look for struts.xml in the class folder path.

See a sample struts.xml file below.

Once the struts.xml is found based on that configuration the flow continuous. Clear? As per our example once the user entered the URL  http://localhost:8080/Struts2Action  the control will open this struts.xml file and tries to find corresponding action. In our example we never mentioned any name after the application Context Struts2Action.

But in struts.xml we mentioned a action with empty name as below.

So it will get match with our request http://localhost:8080/Struts2Action . If suppose we type the url http://localhost:8080/Struts2Action/welcome then the welcome action mentioned in the struts.xml will get executed. See that below.

Now we will see how to declare an action in the struts.xml. The syntax to declare an action is

where

actionName is

  • The name of the action
  • Refered by the url
  • Compulsary

className is

  • A Java Class to be executed while calling the respective action
  • Optional

resultName is

  • A string which comes as return type from the action method (ex “success”,”input”,”error”)
  • Optional
  • If not mentioned will take success by default

resultFile is

  • A File to render if resultName matches
  • Complulsory

With this we  finish this session for action. We will continue with a simple example in the net session.

Posted in Struts2 | Tagged , | Leave a comment
hello