As you have witnessed in the previous chapters, a context represents a web application and contains one or more wrappers, each of which represents a servlet definition. However, a context requires other components as well, notably a loader and a manager. This chapter explains the org.apache.catalina.core.StandardContext class, which represents Catalina's standard implementation of the Context interface.
二、获取完localhost的StandardContext之后,无法获取准确的Servlet链接?
本文以Tomcat 9为核心学习并归纳了一些内存马技术,除有特殊说明外的章节外,本文使用Java 8u292
tomcat 主要包含四种容器:Engine,Host,Context,Wrapper。其对应关系如下图
首先,tomcat6下的StandardContext的获取可以参考先知的这篇文章:https://xz.aliyun.com/t/9914
问题描述: (错误信息找 Caused by) Caused by: java.lang.IllegalArgumentException: servlet映射中的<url pattern>[FindAllStudentServlet]无效 at org.apache.catalina.core.StandardContext.addServletMappingDecoded(StandardContext.java:3173) at org.apache.catalina.core.Standar
进入workspace.metadata.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps
内存马的形式有三种,filter、servlet、listener,优先级为listener>filter>servlet。
Arthas是开源的一款java诊断的工具,主要基于Instrument进行动态代理,以及JVMTI来与JVM进行通信交互。在无文件攻击的概念越来越火热的情况下,红军也急需能够与之对抗的方式,而arthas应该可以成为其中的首选方案
在servlet的配置当中,1的含义是:标记容器是否在启动的时候就加载这个servlet。当值为0或者大于0时,表示容器在应用启动时就加载这个servlet;当是一个负数时或者没有指定时,则指示容器在该servlet被选择时才加载。正数的值越小,启动该servlet的优先级越高。
https://blog.csdn.net/gaoqingliang521/article/details/108677301
最近,看到好多不错的关于“无文件Webshell”的文章,对其中利用上下文动态的注入Filter的技术做了一下简单验证,写一下测试总结,不依赖任何框架,仅想学习一下tomcat的filter。
在servlet的配置当中,<load-on-startup>1</load-on-startup>的含义是:
这个异常是经常遇到的异常情况。 Tomcat的异常 之 java.lang.IllegalArgumentException: Document base 有些刚开始使用的Tomcat的朋友会出现的问
sqoop2-1.99.2-cdh4.5.0在安装过程中遇到各种NoClassDefFoundError异常,例如:
tomcat热加载和执热部署都是通过后台进程检测项目中的.class和目录是否发生变化。
五月 29, 2019 6:29:39 下午 org.apache.catalina.core.StandardContext listenerStop 严重: Exception sending context destroyed event to listener instance of class [org.springframework.web.context.ContextLoaderListener] java.lang.IllegalStateException: BeanFactory not initialized or already closed - call 'refresh' before accessing beans via the ApplicationContext at org.springframework.context.support.AbstractRefreshableApplicationContext.getBeanFactory(AbstractRefreshableApplicationContext.java:170) at org.springframework.context.support.AbstractApplicationContext.destroyBeans(AbstractApplicationContext.java:908) at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:884) at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:836) at org.springframework.web.context.ContextLoader.closeWebApplicationContext(ContextLoader.java:579) at org.springframework.web.context.ContextLoaderListener.contextDestroyed(ContextLoaderListener.java:115) at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4817) at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5474) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:226) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:744) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1135) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1869) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExec
通过这个“Caused by: java.lang.ClassNotFoundException: org.apache.commons.lang3.StringUtils”,可知这个缺少commons-lang3-3.1.jar包
Container:容器,可以看作是一个servlet容器,包含一些Engine,Host,Context,Wraper等,访问的路径什么的就存放在这里
1、选中项目,右键Properties–>Deployment Assembly–>选择Add->选中Java Build Path Entries->Next->选择Maven Dependencies->Finish->Apply->OK
严重: Exception starting filter Struts2 Caught exception while loading file struts-default.xml - [unknown location] at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:839) at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadDocuments(XmlConfigurationProvider.java:131) at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.init(XmlConfigurationProvider.java:100) at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reload(DefaultConfiguration.java:130) at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:52) at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:395) at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:452) at org.apache.struts2.dispatcher.FilterDispatcher.init(FilterDispatcher.java:201) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:275) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:397) at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3696) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4343) at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3086) at org.apache.catalina.loader.WebappLoader.backgroundProcess(WebappLoader.java:404) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1309) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610) at org.apache.catalina.core.ContainerBase$C
主要是通过过滤器来拦截severlet请求中的参数,作为过滤器中的参数,来调用自定义过滤器中的恶意函数
之前的文章基本上都是围绕在tomcat或者spring环境下如何解决下面几个问题:
随着攻防对抗的博弈愈发激烈,流量分析、EDR等专业安全设备被防守方广泛使用,传统的文件上传的webshll或以文件形式驻留的后门越来越容易被检测到,webshell终于进入内存马时代,其关键在于无文件,利用中间件的进程执行恶意代码。本文试图进行一个学习,尽可能搞明白其来龙去脉
内存马给我最大的感受是,它可以有很强的隐蔽性,但是攻击方式也是比较局限,仅仅是文件上传这种,相比于反序列化其实,反序列化的危害性要强的多的多。
今天调试一个jboss应用的时候发现这个错误。 严重: Unable to instantiate ExpressionFactory 'com.sun.el.ExpressionFactoryImpl' 2008-9-12 11:36:47 org.apache.catalina.core.StandardContext listenerStart 严重: Exception sending context initialized event to listener instance of class
wrapper的load方法会去调用loadServelt方法生成并返回一个与当前wrapper关联的servlet对象
java项目构建从高版本JDK改为低版本JDK报错。这是再次编译时使用的JDK版本比你原来编译的版本低所导致的。 maven项目在服务器上构建时报错(Unsupported major.minor version 52.0 ):
我首先提出几个问题,大家先思考一下,如果都可以想出来,说明对类加载器的掌握程度还算不错:
Some contents of a web application are restricted, and only authorized users are allowed to view them, after they supplied the correct user name and password. The servlet technology supports applying security constraint to those contents via the configuration of the deployment descriptor (web.xml file). Now, in this chapter, we will look at how a web container supports the security constraint feature.
作为中国优秀的开源项目之中的一个JFinal有着极速开发的优点,是中小型应用开发的首选。在导师的建议下。我使用了JFinal来开发一个Java服务端应用,官方教程非常easy。就几十页(当然是中文的),学起来非常快。
Error: org.apache.axis2.AxisFault at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) at org.apache.axis2.description.AxisService.createService(AxisService.java:2504) at org.apache.axis2.description.AxisService.createService(AxisService.java:2459) at org.apache.axis2.deployment.POJODeployer.createAxisServiceUsingAnnogen(POJODeployer.java:272) at org.apache.axis2.deployment.POJODeployer.deploy(POJODeployer.java:108) at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136) at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:813) at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144) at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:377) at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:254) at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:142) at org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBasedAxisConfigurator.java:283) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:95) at org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:584) at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:454) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1231) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1144) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1031) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4914) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5201) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) at org.apache.catalina.core.StandardHost.addChild(Stand
发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/111273.html原文链接:https://javaforall.cn
org.xml.sax.SAXParseException: URI was not reported to parser for entity [document] at gnu.xml.aelfred2.SAXDriver.warn(SAXDriver.java:934) at gnu.xml.aelfred2.SAXDriver.startExternalEntity(SAXDriver.java:631) at gnu.xml.aelfred2.XmlParser.p
Tomcat内存马基础可以看我的上一篇:https://www.0kai0.cn/?p=240 前言-fliter等内存马局限 具体新建servlet的过程: https://blog.csdn.ne
xDemo package com.naihe; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.
FilterDefs:存放FilterDef的数组 ,FilterDef 中存储着我们过滤器名,过滤器实例,作用 url 等基本信息
Demo package com.naihe; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.B
1.在jre/bin下添加rxtxParallel.dll,rxtxSerial.dll 文件
配置文件web.xml报错,排除没有引入struts包,maven的包也引入了,应该是struts版本不一样,这个<filter-class>的路径不一样,ctrl+shift+T,查一下这个StrutsPrepareAndExecuteFilter类,原来在这个位置,重新改一下。
**我的tomcat7用了好久了,可以说是最开始学习javaweb的时候下载的,看着别人的视频里一顿配置,于是我也跟着一顿配置,虽然当时完全不知道在干什么,感觉好厉害的样子!然后直到有一天,你可能把电脑里一些没什么卵用的自己瞎做的项目删除了之后,然后你启动你的tomcat的startup.bat的时候,让人无语的时候来了,只见刷的一下cmd窗口就飞过,然后就没了,你还是一脸蒙逼,什么也不知道。。。。。
搭建完SpringMVC后要开启定时任务,添加以下: xmlns:task="http://www.springframework.org/schema/task" http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.2.xsd <task:annotation-driven /> <context:compone
You have seen a simple loader implementation in the previous chapters, which was used for loading servlet classes. This chapter explains the standard web application loader, or loader for short, in Catalina. A servlet container needs a customized loader and cannot simply use the system's class loader because it should not trust the servlets it is running. If it were to load all servlets and other classes needed by the servlets using the system's class loader, as we did in the previous chapters, then a servlet would be able to access any class and library included in the CLASSPATH environment variable of the running Java Virtual Machine (JVM), This would be a breach of security. A servlet is only allowed to load classes in the WEB-INF/classes directory and its subdirectories and from the libraries deployed into the WEB-INF/lib directory. That's why a servlet container requires a loader of its own. Each web application (context) in a servlet container has its own loader. A loader employs a class loader that applies certain rules to loading classes. In Catalina, a loader is represented by the org.apache.catalina.Loader interface.
You have learned in Chapter 5 that there are four types of containers: engine, host, context, and wrapper. You have also built your own simple contexts and wrappers in previous chapters. A context normally has one or more wrappers, in which each wrapper represents a servlet definition. This chapter will now look at the standard implementation of the Wrapper interface in Catalina. It starts by explaining the sequence of methods that get invoked for each HTTP request and continues with the javax.servlet.SingleThreadModel interface. The chapter concludes by explaining the StandardWrapper and StandardWrapperValve classes. The application that accompanies this chapter uses StandardWrapper instances to represents servlets.
在使用Eclipse进行Spring Boot应用开发时,如果项目启动是Run As->Run On Server方式运行就会报类似于Unable to process Jar entry [module-info.class] from Jar的错误,详细错误类似如下:
本文主要研究一下spring.mvc.servlet.load-on-startup
cas项目部署多台时session无法共享而引发一系列局限性,鉴于此考虑对cas项目进行session共享改造,基于redis来存储共享session信息。
领取专属 10元无门槛券
手把手带您无忧上云