Moving resources under WEB-INF

What is the easiest method for me to safely move all html/js/images folders under the WEB-INF without breaking all links/forwarding to resources in these folders and make sure these resources are not directly accessible? You’re making a thiniking mistake here. HTML/JS/image (and CSS) resources need to be directly accessible anyway. For JSPs the story is … Read more

Servlet filter runs in infinite redirect loop when user is not logged in

This AuthenticationFilter also runs when login.html is being requested. However, the code is redirecting to login.html once again instead of continuing the filter chain. This explains the infinite redirect loop. You need to let the filter just continue the request if the currently requested page is already the login page itself. E.g. public void doFilter(ServletRequest … Read more

Why do cookie values with whitespace arrive at the client side with quotes?

When you set a cookie value with one of the following values as mentioned in Cookie#setValue(), With Version 0 cookies, values should not contain white space, brackets, parentheses, equals signs, commas, double quotes, slashes, question marks, at signs, colons, and semicolons. Empty values may not behave the same way on all browsers. then the average … Read more

Google Recaptcha v3 example demo

Simple code to implement ReCaptcha v3 The basic JS code <script src=”https://www.google.com/recaptcha/api.js?render=your reCAPTCHA site key here”></script> <script> grecaptcha.ready(function() { // do request for recaptcha token // response is promise with passed token grecaptcha.execute(‘your reCAPTCHA site key here’, {action:’validate_captcha’}) .then(function(token) { // add token value to form document.getElementById(‘g-recaptcha-response’).value = token; }); }); </script> The basic HTML … Read more

How do delete a HTTP response header?

You can’t delete headers afterwards by the standard Servlet API. Your best bet is to just prevent the header from being set. You can do this by creating a Filter which replaces the ServletResponse with a custom HttpServletResponseWrapper implementation which skips the setHeader()‘s job whenever the header name is Content-Disposition. Basically: @Override public void doFilter(ServletRequest … Read more