OWASP Top 10

January 25, 2017 Leave a comment

Today we had an Hands “Web Application Security Training” at our client location. It was a very interesting session. Our coach discussed Top 10 Security Vulnerabilities seen in current web applications referred to as OWASP Top 10.

Workshop introduced two useful tools:

WebGoat – an application created by OWASP with all security issues and it also discusses how we can remedy the issues.

ZAP – a proxy to intercept web requests and find security bugs in any web app.

Overriding log4j property file

October 2, 2015 Leave a comment

Overriding log4j property file

Sometimes it is handy to override log4j behaviour. By default it looks for log4j.xml under classpath. But I had a need to override the xml with properties file that is coming from classpath. Just add following as a VM arguments to the program or server runtime arguments.

If log file is under classpath

  -Dlog4j.configuration=log4j.properties 

OR

 -Dlog4j.configuration=mylog4j.properties

If log file is outside classpath
Complete URL notation should be used as in:

 -Dlog4j.configuration=file:/c:/work/mylog4j.properties

OR

 -Dlog4j.configuration=file:/home/apps/work/mylog4j.properties





		
	
								

			

			

				
				
			

		

			

			
Log4j useful patterns

			

				March 2, 2012
												Leave a comment
				

			

			

				
Dev debugging with Class,method and line number


To enable logging of class name, method name and line number from which a log statement was printed,

use:


%C{1}.%M:%L


										

			

			

				
				
			

		

			

			
Weblogic WSRP Keystore

			

				February 10, 2011
												Leave a comment
				

			

			

				
wsrpKeystore.jks found in domain root password:password


Goto myrealm –> Providers –> Credential Mapping –> PKICredentialMapper –> Provider Specific –> you should see details for wsrpKeystore.jks 


Now list keystore entires:


$keytool -list -v -keystore DOMAIN_HOME/wsrpKeystore.jks

pasword: password


should list the alias name wsrpconsumer


Goto myrealm –> Credential Mappings –> PKI tab you should see PKI Credential Mappings. Click on wsrpconsumer__81_COMPAT, you will notice it will use alias from above keystore ‘wsrpconsumer’ 

										

			

			

				
				
			

		

			

			
The Endpoint Interface does not have WebService Annotation

			

				January 7, 2011
												Leave a comment
				

			

			

				
Following error appears when webservices-api.jar is missing on the classpath of the Servlet container (In my case Tomcat 5). Tomcat 5 expects this in either common/lib or common/endorsed


SEVERE: WSSERVLET11: failed to parse runtime descriptor: The Endpoint Interface: com.sun.portal.wsrp.common.stubs.WSRPV1RegistrationPortType does not have WebService Annotation
com.sun.xml.ws.model.RuntimeModelerException: The Endpoint Interface: com.sun.portal.wsrp.common.stubs.WSRPV1RegistrationPortType does not have WebService Annotation
	at com.sun.xml.ws.model.RuntimeModeler.getPortTypeName(RuntimeModeler.java:1316)
	at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:160)
	at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
	at com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
	at com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
	at com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:108)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Jan 4, 2011 11:21:02 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class com.sun.xml.ws.transport.http.servlet.WSServletContextListener
com.sun.xml.ws.transport.http.servlet.WSServletException: WSSERVLET11: failed to parse runtime descriptor: The Endpoint Interface: com.sun.portal.wsrp.common.stubs.WSRPV1RegistrationPortType does not have WebService Annotation
	at com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:118)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: com.sun.xml.ws.model.RuntimeModelerException: The Endpoint Interface: com.sun.portal.wsrp.common.stubs.WSRPV1RegistrationPortType does not have WebService Annotation
	at com.sun.xml.ws.model.RuntimeModeler.getPortTypeName(RuntimeModeler.java:1316)
	at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:160)
	at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
	at com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
	at com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
	at com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:108)
	... 24 more
Jan 4, 2011 11:21:02 AM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
Jan 4, 2011 11:21:02 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/producer] startup failed due to previous errors


										

			

			

				
				
			

		

			

			
Open Portal: LifecycleManagerException

			

				December 27, 2010
												Leave a comment
				

			

			

				
Following exception is seen in logs when the class loader finds the portlet.jar file in multiple locations (in my secanario: TOMCAT_HOME/common/lib and  MYWebAPP/WEB-INF/lib).  The exception vanishes once this jar is removed from the Web application.


Dec 24, 2010 2:59:17 AM com.sun.portal.portletcontainer.appengine.impl.LifecycleManagerImpl initPortletAppDescriptor
INFO: PSPL_PAECSPPAI0015 : Loading DD for the portlet application : PortalWeb
Dec 24, 2010 2:59:17 AM com.sun.portal.portletcontainer.appengine.impl.LifecycleManagerImpl createPortlets
SEVERE: PSPL_PAECSPPAI0013
com.sun.portal.portletcontainer.appengine.LifecycleManagerException: java.lang.ClassCastException: com.vbandaru.somepkg.SomePortlet
	at com.sun.portal.portletcontainer.appengine.impl.LifecycleManagerImpl.createPortlet(LifecycleManagerImpl.java:319)
	at com.sun.portal.portletcontainer.appengine.impl.LifecycleManagerImpl.createPortlets(LifecycleManagerImpl.java:355)
	at com.sun.portal.portletcontainer.appengine.impl.LifecycleManagerImpl.<init>(LifecycleManagerImpl.java:138)
	at com.sun.portal.portletcontainer.appengine.PortletAppEngineServlet.init(PortletAppEngineServlet.java:151)
	at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
	at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:966)
	at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3956)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4230)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: java.lang.ClassCastException: com.vbandaru.somepkg.SomePortlet
	at com.sun.portal.portletcontainer.appengine.impl.LifecycleManagerImpl.createPortlet(LifecycleManagerImpl.java:304)
	... 29 more


										

			

			

				
				
			

		

			

			
OpenPortal/Weblogic WSRP Interoperability: URL Rewriting Issue

			

				December 11, 2010
												Leave a comment
				

			

			

				
I am trying to consume a Open Portal 2.0 Producer (JSR 286) on Weblogic 10.3.2 Consumer. 


Issue: Encoded URL has un-necessary tokens making the resouce URLs break on the consumer side.


I am rendering an image like this with src attribute = 


<%= renderResponse.encodeURL(renderRequest.getContextPath() + "/ico_normal.jpg")%> 



which produces following url on the consumer: 


 http://localhost:7001/ConsumerApp/resource/cs__pageLabel%3Dtest_portal_page_2_page_3%26_portlet.portalUrl%3D%252FConsumerApp%252Fconsumer%252Ftest.portal%26_st%3D%26_windowLabel%3DhelloWorldPortletInvoicePortletMINE_1/u_http%3A%2F%2Flocalhost%3A8080%2FhelloWorldPortlet%2Fico_normal.jpg/id_/rr_false/po_/rs_/rc_/iu_oracle:immutableURI/*wsrp*separatororacle:mutableURI;jsessionid=Y1lnM27Zk68ZQ86sBvG19Js9vcncmGTR8s5WStcLQtS448nZ2fQT!-1164873313?oracle:mutableParameters 



Please notice the tokens that start with {oracle:mutable*}  in above URL which makes the images not to render on the consumer. Once I remove these tokens ({oracle:immutableURI} , {oracle:mutableURI} and {oracle:mutableParameters})and paste  in the browser, the image do show up. The solution seems to be while generating the WSRP markup, if I can replace all the tokens of form {oracle:mutable  *blah …} with empty string, I will arrive at a solution. 


The consumer is sending the following URL template for wsrp-resource: 


http://url:domain:url:port/url:path/resource/cs_url:queryString/u_wsrp-url/id_wsrp-resourceID/rr_wsrp-requiresRewrite/po_wsrp-preferOperation/rs_wsrp-resourceState/rc_wsrp-resourceCacheability/iu_oracle:immutableURI/*wsrp*separatororacle:mutableURI?oracle:mutableParameters 



Even section 9.2.2 of the WSRP 2.0 specification says, the producer MUST replace all tokens in the consumer-supplied URL template with values, including replacing all tokens for which it does not have a value (or does not understand) with the empty string. So the “{oracle:immutableURI}” and “{oracle:mutableURI}” tokens should be getting replaced with “” (the empty string) by the producer. 


#1. is this a bug? what specific Java classes in the source deal with handling encoding so that I can touch them to hotfix this issue for the timebeing in my environment? 


#2. Is there any flag or configuration that enable the Producer to use  “consumer URL rewriting”? 

										

			

			

				
				
			

		

			

			
OpenPortal WSRP: ContainerException

			

				December 10, 2010
												Leave a comment
				

			

			

				
I built few JSR 286 Portlets using OpenPortal container with OpenPortal WSRP Implementation. The portlets were working fine in our DEV enviroment but when moved to QA, whenever the portlet is requested it throws below exception in the logs leaving no clue of what’s happening behind the scenes.


catalina.log


Dec 10, 2010 1:36:56 PM com.sun.portal.portletcontainer.invoker.WindowInvoker getPortletContent
WARNING: PSPL_PCCTXCSPPCI0006
com.sun.portal.container.ContainerException: PortletContainer.getMarkup(): javax.servlet.ServletException: Servlet.init() for servlet PortletAppEngineServlet threw exception
	at com.sun.portal.portletcontainer.impl.PortletContainer.getMarkup(PortletContainer.java:280)
	at com.sun.portal.portletcontainer.invoker.WindowInvoker.getPortletContent(WindowInvoker.java:378)
	at com.sun.portal.portletcontainer.invoker.WindowInvoker.render(WindowInvoker.java:252)
	at com.sun.portal.portletcontainer.driver.PortletContent.getContent(PortletContent.java:71)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.getPortletContents(DesktopServlet.java:320)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.getAllPortletContents(DesktopServlet.java:263)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.doGetPost(DesktopServlet.java:123)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.doGet(DesktopServlet.java:92)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
	at java.lang.Thread.run(Thread.java:595)
javax.servlet.ServletException: Servlet.init() for servlet PortletAppEngineServlet threw exception
	at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1180)
	at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:648)
	at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:584)
	at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:497)
	at com.sun.portal.portletcontainer.impl.PortletContainer.invokePAE(PortletContainer.java:883)
	at com.sun.portal.portletcontainer.impl.PortletContainer.invokePAE(PortletContainer.java:734)
	at com.sun.portal.portletcontainer.impl.PortletContainer.getMarkup(PortletContainer.java:221)
	at com.sun.portal.portletcontainer.invoker.WindowInvoker.getPortletContent(WindowInvoker.java:378)
	at com.sun.portal.portletcontainer.invoker.WindowInvoker.render(WindowInvoker.java:252)
	at com.sun.portal.portletcontainer.driver.PortletContent.getContent(PortletContent.java:71)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.getPortletContents(DesktopServlet.java:320)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.getAllPortletContents(DesktopServlet.java:263)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.doGetPost(DesktopServlet.java:123)
	at com.sun.portal.portletcontainer.driver.DesktopServlet.doGet(DesktopServlet.java:92)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
	at java.lang.Thread.run(Thread.java:595)



Our App is hosted on Tomcat 5.5.26 in both QA and DEV environments and it turns out that each of the installation varies in configuration settings in server.xml. This seems to be causing the issue. As shown in below snippet, change unpackWARs=”true” to resolves the issue. Another alternative to making server.xml changes is to deploy the WAR file in exploded format


${TOMCAT_HOME}/conf/server.xml 


  <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">
  </Host>


										

			

			

				
				
			

		

			

			
Open Portal WSRP: CSS class name collision

			

				December 2, 2010
												4 comments
				

			

			

				
We have a Open Portal 2.1.2 Producer running on Tomcat 5.5.26.The producer hosts JSR 286 portlets. The consumer is Weblogic 10.3.2 Portal based.


Issue : On the consumer, the CSS style class collide with styles of other portlets. One solution to prevent this collision is to use unque CSS class names but on consumer side federated portal there is no guarantee that the it does not have the style that producer has.


There is a nice article on SDN (see [3]), discussing the javascript namespace collision, suggests prefixing JavaScript variables and functions with <portlet:namespace/>.This is a great solution but,for an external CSS file, there is no way we can use <portlet:namespace/>. For internal CSS in JSP, we can prefix the CSS class with <portlet:namespace/>_someClass.


Rest of the article explains how this can be achieved for External CSS.


original external css file : sample.css


#_someClass
{
width:300px;
word-spacing:12px;
font-size:90%;
padding-left:12px;
padding-right:10px;
white-space:nowrap
}

:
:
:



Orginal sample.jsp


<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>

<%@ page import="javax.portlet.*"%>
<%@ taglib uri="http://java.sun.com/portlet_2_0" prefix="portlet"%>

<portlet:defineObjects />
<%PortletPreferences prefs = renderRequest.getPreferences();%>

<link rel="stylesheet" type="text/css" href="<%=renderResponse.encodeURL(renderRequest.getContextPath() + "/sample.css")%>"/>

<div id="someClass">
<p>some portlet content goes here</p>
</div>



Now, the approach is to generate the CSS dynamically by prefixing the namespace for each class. The namespace is passed from the sample.jsp to the dynamic CSS generating page as a request paramter as shown below.


Modified CSS file: sample.css.jsp


<% String namespace = request.getParamter("namespace");
<style type="text/css">
.<%=namespace %>_someClass
{
width:300px;
word-spacing:12px;
font-size:90%;
padding-left:12px;
padding-right:10px;
white-space:nowrap
}

:
:
:
</style>



Modified sample.jsp


<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>

<%@ page import="javax.portlet.*"%>
<%@ taglib uri="http://java.sun.com/portlet_2_0" prefix="portlet"%>

<portlet:defineObjects />
<%PortletPreferences prefs = renderRequest.getPreferences();%>

<%-- removed link tag and added dynamic CSS page using <jsp:include .../>--%>
<jsp:include page="/sample.css.jsp">
   <jsp:param name="namespace" value="<portlet:namespace/>"/>
</jsp:include>

<%-- prefix css class with namespace --%>
<div id="<portlet:namespace/>_someClass">
<p>some portlet content goes here</p>
</div>



This should resolve the namespace collision issue on the consumer.


References


[1]. My original post on this issue at OpenPortal forums 


[2]. My Original post on this issue at Oracle OTN forums


[3]. Nice article on OpenPortal from SDN 

										

			

			

				
				
			

		

			

			
Sample WSRP Producer URL

			

				December 1, 2010
												Leave a comment
				

			

			

				
Open Oracle WSRP test portal 


(http://portalstandards.oracle.com/portletapp/portlets?WSDL)


http://portalstandards.oracle.com/portletapp/portlets?WSDL