Philly Java Users Group

Security and Usability
URL-rewriting for the next-generation web user

Lincoln Baxter, III
Senior Software Engineer, Red Hat, Inc.
Founder, http://ocpsoft.org/
2012-03-27
“Simpler is better.”
What is URL-rewriting?

Any manipulation of the HTTP Request/Response life-cycle.
Mind the gap.

●   Gap #1: “Relocated” or missing resources
●   Gap #2: Readability & Clutter
●   Gap #3: Revealing sensitive information
●   Gap #4: Formatting of useful information
●   Gap #5: Validation of user input
●   … (and actually many more)
One big thing.

“Without URL-rewriting, our life would be $#@!'ing hell.”
Gap #1: “Relocated” or missing resources
404
slide not found
wtf?
robo.to
github.com
blippy.com
What does it mean?
Distraction from failure.
1. The content existed and now does not.

2. The content never existed, fool.
Translated.

“Either the website sucks or you suck, and neither is going to make anyone happy.”
2 ways to have a magical 404 experience ...

301 Moved Permanently
302 Moved Temporarily

Google says, “Redirect to the new URL for at least 180 days.”
Gap #2: URL-readability

http://www.amazon.com/Kindle-Touch-Wi-Fi-Ink-Display/dp/B005890G8Y/ref=amb_link_357575542_6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=gateway-center-column&pf_rd_r=1T2J5PYBVZZWBHWN1BP1&pf_rd_t=101&pf_rd_p=1321408942&pf_rd_i=507846

wtf?
We are friends.
http://amazon.com/shop/kindle-touch
Tired of trash in your face?

http://www.amazon.com/Kindle-Touch-Wi-Fi-Ink-Display/dp/B005890G8Y/ref=amb_link_357575542_6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=gateway-center-column&pf_rd_r=1T2J5PYBVZZWBHWN1BP1&pf_rd_t=101&pf_rd_p=1321408942&pf_rd_i=507846

There's plenty of space out in space!

http://amazon.com/shop/kindle-touch?tracker=AAasfds3r32ydkl6fd854kdjf84hfidbdgv64n0curnoxydkl6fd854kdjf84hfidbdgv64n0ge8nfbh...
Gap #3: Revealing sensitive information

Visit: http://microsoft.com/genuine/downloads/faq.aspx

You will be redirected to a page without .aspx suffix

.xhtml  .do  .asp  .jsp  /  .php  .cgi  .jsf

A good magician never reveals the implementation.
Gap #4: Formatting of useful information

http://example.com/buy/1/shoes/store

Be cool.

http://example.com/store/shoes/1
http://example.com/store/shoes/1/buy

http://example.com/store?buy=true&category=shoes&item=1

Why are people afraid of buying used cars?
You never know what you are going to get.
Trust me?
http://www.youtube.com/watch?v=oHg5SJYRHA0
Built trust by reducing clutter & using clean URLs

Before:
http://example.com/news.xhtml?p=my-new-post

After:
http://example.com/news/my-new-post/
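The before/after above, together with the "basic things" the deck lists later (redirection and relocation, parameterization such as /store/{category}/{item}, simple URL validation), can be shown as one small inbound/outbound rewrite engine. This is an added example written in Python for this page; it is not the OCPSoft Rewrite library's code or API (that project is Java), and the join rules, the parameter constraints, the relocation table and the sample requests are all constructed here. A "join" pairs a clean public URL with the internal resource that serves it: clean requests are forwarded internally, requests for the internal form are redirected to the clean form so the .xhtml/.jsp suffix never shows, relocated paths get a 301, and every bound parameter must satisfy a constraint because the URL is user input.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed rules (an assumption, not the Rewrite project's own syntax).
# Each join pairs a clean public URL pattern with the internal resource that
# actually serves it; {name} placeholders bind path parameters and CONSTRAINTS
# limits what each parameter may contain (Gap #5: URLs are user input).
JOINS = [
    ("/news/{post}/", "/news.xhtml?p={post}"),
    ("/store/{category}/{item}", "/store.jsp?category={category}&item={item}"),
]
CONSTRAINTS = {
    "post": r"[a-z0-9-]{1,64}",
    "category": r"[a-z]{1,32}",
    "item": r"[0-9]{1,9}",
}
# Relocated resources (Gap #1): old path -> new path, answered with a 301 so
# bookmarks and search engines learn the new location.
RELOCATED = {"/products": "/store/shoes/1"}

PLACEHOLDER = re.compile(r"\{(\w+)\}")
# A '%' not followed by two hex digits is not a valid escape (e.g. '%3/').
MALFORMED_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def compile_pattern(public):
    """'/store/{category}/{item}' -> anchored regex with one named group per
    placeholder, each limited to its constraint ('[^/]+' if unconstrained)."""
    parts, pos = [], 0
    for m in PLACEHOLDER.finditer(public):
        parts.append(re.escape(public[pos:m.start()]))
        name = m.group(1)
        parts.append(f"(?P<{name}>{CONSTRAINTS.get(name, '[^/]+')})")
        pos = m.end()
    parts.append(re.escape(public[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def fill(template, params):
    """Substitute bound parameters into a template; KeyError if one is missing."""
    return PLACEHOLDER.sub(lambda m: params[m.group(1)], template)


def internal_to_public(public, internal, path, query):
    """If path?query is the internal form of a join, return the clean URL, else
    None. The rebuilt clean URL must itself satisfy the constraints, so an
    invalid value in a query string cannot be laundered into a redirect."""
    internal_path, _, internal_query = internal.partition("?")
    if path != internal_path:
        return None
    actual = {k: v[0] for k, v in parse_qs(query).items()}
    params = {}
    for pair in internal_query.split("&") if internal_query else []:
        key, _, placeholder = pair.partition("=")
        name = PLACEHOLDER.fullmatch(placeholder)
        if name is None or key not in actual:
            return None
        params[name.group(1)] = actual[key]
    try:
        clean = fill(public, params)
    except KeyError:
        return None
    return clean if compile_pattern(public).match(clean) else None


def handle_inbound(path, query=""):
    """Classify one inbound request. Returns one of
      ('reject', 400)              malformed percent-encoding or bad parameter
      ('redirect', 301, location)  relocated or non-canonical (internal) URL
      ('forward', target)          clean URL matched a join; serve target internally
      ('pass', path)               no rule applies"""
    if MALFORMED_ESCAPE.search(path):
        return ("reject", 400)
    path = unquote(path)  # decode once, then judge the real characters
    if path in RELOCATED:
        return ("redirect", 301, RELOCATED[path])
    for public, internal in JOINS:
        m = compile_pattern(public).match(path)
        if m:
            return ("forward", fill(internal, m.groupdict()))
    # A request for the internal form (.xhtml, .jsp) reveals the implementation
    # (Gap #3): send the client to the clean form, or refuse it outright.
    for public, internal in JOINS:
        if path == internal.partition("?")[0]:
            clean = internal_to_public(public, internal, path, query)
            return ("redirect", 301, clean) if clean else ("reject", 400)
    return ("pass", path)


def rewrite_outbound(url):
    """Rewrite a link the application generated in its internal form so pages
    only ever show clean URLs; anything unrecognised is returned unchanged."""
    path, _, query = url.partition("?")
    for public, internal in JOINS:
        clean = internal_to_public(public, internal, path, query)
        if clean:
            return clean
    return url


if __name__ == "__main__":
    for req in [("/news/my-new-post/", ""), ("/news.xhtml", "p=my-new-post"),
                ("/news.xhtml", "p=../etc"), ("/store/$attack-%3/begin", ""),
                ("/products", "")]:
        print(req, "->", handle_inbound(*req))
    print(rewrite_outbound("/store.jsp?category=shoes&item=1"))
```

The deck's /store/$attack-%3/begin is rejected before any decoding because its percent escape is malformed; a well-formed but hostile value such as p=../etc decodes fine and is then refused by the per-parameter constraint, which is the check that matters once a URL is treated as input rather than as an address.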
Gap #5: Validation of user input

URLs are user-input and your website is vulnerable!

Aspect Security says:

Two of three recent security vulnerabilities in web-frameworks are URL-based. *

* https://www.aspectsecurity.com/uploads/downloads/2012/03/Aspect-Security-The-Unfortunate-Reality-of-Insecure-Libraries.pdf
Real Life...

http://www.llbean.com/webapp/wcs/stores/servlet/CategoryDisplay?categoryId=28&storeId=1&catalogId=1&langId=-1&nav=hp-gndp
http://llbean.com/kids

Vulnerable!
wtf?

http://www.llbean.com/webapp/wcs/stores/servlet/CategoryDisplay?categoryId=28&storeId=1&catalogId=1&langId=-1&nav=hp-gndp

validate?
Cluttered!
Mind the gap.

●   Gap #1: “Relocated” resources (404)
●   Gap #2: Readability & Clutter
●   Gap #3: Revealing sensitive information
●   Gap #4: Formatting of useful information
●   Gap #5: Validation of user input
URL-rewriting

Basic things we can do with all types of URL-rewriting

●   Redirection & Relocation
●   Parameterization
        /store/{category}/{item}
        Accept-Charset: UTF-8
        /store/$attack-%3/begin
●   Simple URL validation
●   Add/Remove Headers
URL-rewriting: Proxy based (Non-Java)
Inbound only.

URL-rewriting: Filter Based (Native Java)

blatant lie

“I have no personal investment in any of these tools.”
- Me

Cool things we can do with Filter-based Java URL-rewriting


●   Transformation and Canonicalization
        example.com/project/FOO → example.com/project/foo
●   Complex Validation
●   Data Conversion
●   Request interception
●   And more...

        .when(Path.matches("/store/product/{pid}")
            .where("pid")
            .bindsTo(El.property("productBean.product"))
            .convertedBy(ProductConverter.class)
            .validatedBy(ProductValidator.class)))
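The rule above chains four steps on the pid parameter: match, convert the raw text to a domain object, validate that object, then bind it to a bean property. The following is an added Python illustration of that pipeline plus the FOO → foo canonicalization from the same slide; it is not the Rewrite library's code, and Product, CATALOGUE, ProductBean and the converter/validator bodies are constructed stand-ins for the ProductConverter, ProductValidator and productBean named in the slide.

```python
import re
from dataclasses import dataclass
from typing import Optional


# Constructed catalogue (assumption) standing in for the application's data.
@dataclass(frozen=True)
class Product:
    pid: int
    name: str
    in_stock: bool


CATALOGUE = {
    1: Product(1, "Kindle Touch", True),
    42: Product(42, "Running shoes", False),
}


@dataclass
class ProductBean:
    """Stand-in for the 'productBean' the rule binds into (El.property on the slide)."""
    product: Optional[Product] = None


class ConversionError(ValueError):
    """Raised when the raw URL text cannot become a domain object at all."""


def product_converter(raw: str) -> Optional[Product]:
    """ProductConverter stand-in: URL text -> Product. Only a short run of
    digits is accepted, so the raw string never reaches a lookup or a query."""
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ConversionError(f"not a product id: {raw!r}")
    return CATALOGUE.get(int(raw))


def product_validator(product: Optional[Product]) -> bool:
    """ProductValidator stand-in: the converted object must exist and be sellable."""
    return product is not None and product.in_stock


PRODUCT_RULE = re.compile(r"^/store/product/(?P<pid>[^/]+)$")
PROJECT_RULE = re.compile(r"^/project/(?P<name>[A-Za-z0-9-]{1,32})$")


def intercept_product(path: str, bean: ProductBean):
    """Request interception in the order of the slide's rule: match the path,
    convert the 'pid' parameter, validate the result, then bind it to the bean.
    Returns ('bound', product), ('not_found', 404) or ('pass',)."""
    m = PRODUCT_RULE.match(path)
    if m is None:
        return ("pass",)
    try:
        product = product_converter(m.group("pid"))
    except ConversionError:
        # Design choice: a malformed id is answered exactly like an unknown one,
        # so the response does not reveal which check failed.
        return ("not_found", 404)
    if not product_validator(product):
        return ("not_found", 404)
    bean.product = product
    return ("bound", product)


def canonicalize_project(path: str):
    """Transformation and canonicalization: /project/FOO names the same
    resource as /project/foo, so the non-canonical spelling is redirected
    permanently instead of being served twice under two URLs."""
    m = PROJECT_RULE.match(path)
    if m is None:
        return ("pass",)
    name = m.group("name")
    if name != name.lower():
        return ("redirect", 301, f"/project/{name.lower()}")
    return ("ok", name)


if __name__ == "__main__":
    bean = ProductBean()
    print(intercept_product("/store/product/1", bean), bean.product)
    print(intercept_product("/store/product/42", ProductBean()))
    print(intercept_product("/store/product/1;drop", ProductBean()))
    print(canonicalize_project("/project/FOO"))
```

The order is the point: the application code behind the bean only ever sees a Product that has already been converted and validated, never the string that arrived in the URL.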
Some things you should NOT do with Java URL-rewriting

If it needs to run when your app doesn't... you probably don't want to put it in your app.
Demos
(It's *barcode time)
Access Control / Timer Demo
( http://access-rewrite.rhcloud.com/ )

●   Problem #1: “Relocated” resources (404)
●   Problem #2: Readability & Clutter
●   Problem #3: Revealing sensitive information
●   Problem #4: Formatting useful information
●   Problem #5: Validation of user input

Rest Validation/Conversion Demo
( http://rest-rewrite.rhcloud.com )

●   Problem #1: “Relocated” resources (404)
●   Problem #2: Readability & Clutter
●   Problem #3: Revealing sensitive information
●   Problem #4: Formatting useful information
●   Problem #5: Validation of user input

Composite Query Demo
( http://composite-rewrite.rhcloud.com )

●   Problem #1: “Relocated” resources (404)
●   Problem #2: Readability & Clutter
●   Problem #3: Revealing sensitive information
●   Problem #4: Formatting useful information
●   Problem #5: Validation of user input
Bonus round!

But client-side web applications are the future, can't I just ignore the URL and use WebSockets?!
Client side browser applications

http://twitter.com/#!/lincolnthree

[Diagram: the browser requests http://twitter.com/ and the server serves the client application; everything after that is routed on the fragment: #!/lincolnthree, #!/connect, #!/discover, #!/lincolnthree/status/180710662975143936]
How can we clean it up?

[Diagram: request/response between the browser and http://example.com/; the clean routes example.com/login, example.com/signup and example.com/lincoln/myproject, with a question mark on how the server should respond to a direct request for one of them]
Handling bookmarks

[Diagram: the browser requests a bookmarked URL (example.com/, example.com/login, example.com/lincoln/myproject); the server serves the client application, which inspects the path (/, login, lincoln/..., profile) to decide what to display]
Where am I?

example.com/
example.com/lincoln
example.com/lincoln/myproject
example.com/lincoln/lincoln

How do you determine the Context Root?

example.com/ ?
example.com/lincoln ?
example.com/lincoln/lincoln ?
Resolve the Context Root

[Diagram: request/response between the browser and http://example.com/lincoln]

request:   HEAD /lincoln?org.ocpsoft.rewrite.history.ContextPath
response:  200 OK - Set Header: ContextPath = /
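The exchange on this slide, with both sides simulated in one process, as an added example that is not part of the deck or of the Rewrite project: the client issues a HEAD for the bookmarked path with the marker query parameter, the server answers with a ContextPath header, and the client splits the path into the application root and the route to render. AppServer, resolve_route and the way the server decides which paths belong to it are assumptions made here; only the marker name and the HEAD/200 shape come from the slide.

```python
from urllib.parse import parse_qs, urlsplit

# Query-parameter name used as the probe marker on the slide.
MARKER = "org.ocpsoft.rewrite.history.ContextPath"


class AppServer:
    """Simulated server side (assumption): a client-side application deployed
    under context_path. Any GET inside the context serves the single page so a
    bookmarked deep link still loads; a HEAD carrying the marker answers with
    the ContextPath header instead."""

    def __init__(self, context_path: str):
        self.context_path = "/" + context_path.strip("/")

    def _inside(self, path: str) -> bool:
        # Only paths under this application's context reach it at all.
        if self.context_path == "/":
            return path.startswith("/")
        return path == self.context_path or path.startswith(self.context_path + "/")

    def handle(self, method: str, path: str, query: str = ""):
        """Returns (status, headers, body)."""
        if not self._inside(path):
            return 404, {}, ""
        if method == "HEAD" and MARKER in parse_qs(query, keep_blank_values=True):
            return 200, {"ContextPath": self.context_path}, ""
        if method == "GET":
            # Same page for every route; the client app inspects the path itself.
            return 200, {"Content-Type": "text/html"}, "<!-- index.html -->"
        return 405, {}, ""


def resolve_route(server: AppServer, bookmarked_url: str):
    """Client side: before routing a bookmarked URL, ask the server where the
    application root is, then split the path into (context_path, route).
    Returns None if the server does not answer the probe."""
    parts = urlsplit(bookmarked_url)
    status, headers, _ = server.handle("HEAD", parts.path, MARKER)
    if status != 200 or "ContextPath" not in headers:
        return None
    ctx = headers["ContextPath"]
    prefix = "" if ctx == "/" else ctx
    route = parts.path[len(prefix):] or "/"
    return ctx, route


if __name__ == "__main__":
    for ctx in ("/", "/lincoln"):
        server = AppServer(ctx)
        for url in ("http://example.com/lincoln/myproject",
                    "http://example.com/lincoln/lincoln",
                    "http://example.com/lincoln"):
            print(ctx, url, "->", resolve_route(server, url))
```

Running it against a server deployed at / and one deployed at /lincoln shows why the "Where am I?" slide is a real question: example.com/lincoln/lincoln is the route /lincoln/lincoln in the first case and the route /lincoln in the second, and only the server can say which.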
Demos


●   Access control (Request Interception)
●   REST (Validation and Conversion)
●   Composite Query (Security and Usability)
●   SocialPM Rich Client (Browser Applications)
Mind the gap.

●   Gap #1: “Relocated” resources (404)
●   Gap #2: Readability & Clutter
●   Gap #3: Revealing sensitive information
●   Gap #4: Formatting useful information
●   Gap #5: Validation of URLs
●   … (and actually many more)
One big thing.

“Without URL-rewriting, our life would be $#@!'ing hell.”
/questions
@lincolnthree
You have options, but if you liked what you saw...

●   Try it now: ocpsoft.org/rewrite
●   Get involved: github.com/ocpsoft/rewrite

 

2012 03 27_philly_jug_rewrite_static

  • 1. Philly Java Users Group Security and Usability URL-rewriting for the next-generation web user Lincoln Baxter, III Senior Software Engineer Founder Red Hat, Inc. http://ocpsoft.org/ 2012-03-27 “Simpler is better.”
  • 2. What is URL-rewriting? Any manipulation of the HTTP Request/Response life-cycle.
  • 3. Mind the gap. ● Gap #1: “Relocated” or missing resources ● Gap #2: Readability & Clutter ● Gap #3: Revealing sensitive information ● Gap #4: Formatting of useful information ● Gap #5: Validation of user input ● … (and actually many more)
  • 4. One big thing. “Without URL-rewriting, our life would be $#@!'ing hell.”
  • 5. Gap #1: “Relocated” or missing resources
  • 18. What does it mean?
  • 20. 1. The content existed and now does not. 2. The content never existed, fool.
  • 21. Translated. “Either the website sucks or you suck, and neither is going to make anyone happy.”
  • 22. 2 ways to have a magical 404 experience ...
  • 23. 301 Moved Permanently 302 Moved Temporarily
  • 24. Google says, “Redirect to the new URL for at least 180 days.”
  • 26. Gap #2: URL-readability http://www.amazon.com/Kindle-Touch-Wi-Fi-Ink-Display/dp/B005890G8Y/ref=amb_link_357575542_6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=gateway-center-column&pf_rd_r=1T2J5PYBVZZWBHWN1BP1&pf_rd_t=101&pf_rd_p=1321408942&pf_rd_i=507846 wtf?
  • 29. Tired of trash in your face? http://www.amazon.com/Kindle-Touch-Wi-Fi-Ink-Display/dp/B005890G8Y/ref=amb_link_357575542_6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=gateway-center-column&pf_rd_r=1T2J5PYBVZZWBHWN1BP1&pf_rd_t=101&pf_rd_p=1321408942&pf_rd_i=507846
  • 30. There's plenty of space out in space! http://amazon.com/shop/kindle-touch?tracker=AAasfds3r32ydkl6fd854kdjf84hfidbdgv64n0curnoxydkl6fd854kdjf84hfidbdgv64n0ge8nfbh...
  • 31. Gap #3: Revealing sensitive information. Visit http://microsoft.com/genuine/downloads/faq.aspx and you will be redirected to a page without the .aspx suffix.
  • 32. .xhtml .do .asp .jsp / .php .cgi .jsf
  • 33. A good magician never reveals the implementation.
  • 34. Gap #4: Formatting of useful information http://example.com/buy/1/shoes/store
  • 36. Why are people afraid of buying used cars?
  • 37. You never know what you are going to get.
  • 39. Build trust by reducing clutter & using clean URLs. Before: http://example.com/news.xhtml?p=my-new-post After: http://example.com/news/my-new-post/
  • 40. Gap #5: Validation of user input URLs are user-input and your website is vulnerable!
  • 41. Aspect Security says: Two of three recent security vulnerabilities in web-frameworks are URL-based.* (* https://www.aspectsecurity.com/uploads/downloads/2012/03/Aspect-Security-The-Unfortunate-Reality-of-Insecure-Libraries.pdf)
  • 44. Real Life... http://www.llbean.com/webapp/wcs/stores/servlet/CategoryDisplay?categoryId=28&storeId=1&catalogId=1&langId=-1&nav=hp-gndp
  • 46. Vulnerable! Cluttered! wtf? http://www.llbean.com/webapp/wcs/stores/servlet/CategoryDisplay?categoryId=28&storeId=1&catalogId=1&langId=-1&nav=hp-gndp (validate?)
  • 47. Mind the gap. ● Gap #1: “Relocated” resources (404) ● Gap #2: Readability & Clutter ● Gap #3: Revealing sensitive information ● Gap #4: Formatting of useful information ● Gap #5: Validation of user input
  • 49. Basic things we can do with all types of URL-rewriting ● Redirection & Relocation ● Parameterization /store/{category}/{item} Accept-Charset: UTF-8 /store/$attack-%3/begin ● Simple URL validation ● Add/Remove Headers
  • 53. blatant lie “I have no personal investment in any of these tools.” - Me
  • 54. Cool things we can do with Filter-based Java URL-rewriting ● Transformation and Canonicalization (example.com/project/FOO canonicalized to example.com/project/foo) ● Complex Validation ● Data Conversion ● Request interception ● And more...
        .when(Path.matches("/store/product/{pid}")
             .where("pid")
                .bindsTo(El.property("productBean.product"))
                .convertedBy(ProductConverter.class)
                .validatedBy(ProductValidator.class)))
  • 55. Some things you should NOT do with Java URL-rewriting: if it needs to run when your app doesn't... you probably don't want to put it in your app.
  • 57. Access Control / Timer Demo ( http://access-rewrite.rhcloud.com/ ) ● Problem #1: “Relocated” resources (404) ● Problem #2: Readability & Clutter ● Problem #3: Revealing sensitive information ● Problem #4: Formatting useful information ● Problem #5: Validation of user input
  • 58. Rest Validation/Conversion Demo ( http://rest-rewrite.rhcloud.com ) ● Problem #1: “Relocated” resources (404) ● Problem #2: Readability & Clutter ● Problem #3: Revealing sensitive information ● Problem #4: Formatting useful information ● Problem #5: Validation of user input
  • 59. Composite Query Demo ( http://composite-rewrite.rhcloud.com ) ● Problem #1: “Relocated” resources (404) ● Problem #2: Readability & Clutter ● Problem #3: Revealing sensitive information ● Problem #4: Formatting useful information ● Problem #5: Validation of user input
  • 60. Bonus round! But client-side web applications are the future, can't I just ignore the URL and use WebSockets?!
  • 61. Client side browser applications [diagram: the browser requests http://twitter.com/#!/lincolnthree and the server serves the application; the hash-bang routes #!/lincolnthree, #!/connect, #!/discover, #!/lincolnthree/status/180710662975143936, #!/li are resolved in the browser]
  • 62. How can we clean it up? [diagram: request and response between the browser and http://example.com/; clean URLs example.com/login, example.com/signup and example.com/lincoln/myproject; response: ?]
  • 63. Handling bookmarks [diagram: the browser requests example.com/, example.com/login or example.com/lincoln/myproject; the server inspects the path (/, login, lincoln/...) and serves the matching view (e.g. profile)]
  • 64. Where am I? example.com/, example.com/lincoln, example.com/lincoln/myproject, example.com/lincoln/lincoln. How do you determine the Context Root? example.com/ ? example.com/lincoln ? example.com/lincoln/lincoln ?
  • 65. Resolve the Context Root [diagram: for http://example.com/lincoln, the client sends the request HEAD /lincoln?org.ocpsoft.rewrite.history.ContextPath and receives the response 200 OK - Set Header: ContextPath = /]
  • 67. Demos ● Access control (Request Interception) ● REST (Validation and Conversion) ● Composite Query (Security and Usability) ● SocialPM Rich Client (Browser Applications)
  • 68. Mind the gap. ● Gap #1: “Relocated” resources (404) ● Gap #2: Readability & Clutter ● Gap #3: Revealing sensitive information ● Gap #4: Formatting useful information ● Gap #5: Validation of URLs ● … (and actually many more)
  • 69. One big thing. “Without URL-rewriting, our life would be $#@!'ing hell.”
  • 72. You have options, but if you liked what you saw... ● Try it now: ocpsoft.org/rewrite ● Get involved: github.com/ocpsoft/rewrite
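Slides 39 and 49 together describe the pattern the talk is built around: a clean, parameterized URL such as /store/{category}/{item} is matched, each parameter is validated, and only then is the request forwarded to the real (hidden) resource; a relocated path is answered with a 301. The following is an added example, not code from the talk or from the OCPSoft Rewrite project, showing that pipeline in plain Java with no servlet dependency. The Engine, Join and Template names, the internal .xhtml targets and the old-path redirect are constructed for illustration and are not Rewrite's API. It rejects the slide's /store/$attack-%3/begin both because %3 is a truncated escape and because $ is outside the whitelist, and it also rejects an encoded slash (%2F) that would otherwise smuggle an extra path segment past the template.

```java
// Added example, not code from the talk or from the OCPSoft Rewrite project; class and method
// names are hypothetical. A minimal filter-style rule engine: a clean URL is matched against a
// template, each parameter is strictly decoded and whitelisted, and only then is the request
// forwarded to the internal resource; a relocated path gets a 301. Needs Java 16+ (records).
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.*;
import java.util.*;
import java.util.regex.*;

public class UrlRewriteDemo {
    /** Filter decision for one inbound path: 200 forward to target, 301 redirect to target, 404 reject. */
    public record Outcome(int status, String target, Map<String, String> params) {}

    /** A path template such as /store/{category}/{item}, compiled to a regex with one group per parameter. */
    static final class Template {
        final String raw;
        final List<String> names = new ArrayList<>();
        final Pattern pattern;
        Template(String raw) {
            this.raw = raw;
            Matcher m = Pattern.compile("\\{(\\w+)\\}").matcher(raw);
            StringBuilder re = new StringBuilder("^");
            int last = 0;
            while (m.find()) {
                re.append(Pattern.quote(raw.substring(last, m.start()))).append("([^/]+)"); // one segment
                names.add(m.group(1));
                last = m.end();
            }
            pattern = Pattern.compile(re.append(Pattern.quote(raw.substring(last))).append("$").toString());
        }
        /** Substitute validated values back into the template (used to build the internal target). */
        String build(Map<String, String> params) {
            String out = raw;
            for (String n : names) out = out.replace("{" + n + "}", params.get(n));
            return out;
        }
    }

    /** Mapping between a clean URL and the internal resource that serves it, plus per-parameter whitelists. */
    static final class Join {
        final Template clean, internal;
        final Map<String, Pattern> constraints = new HashMap<>();
        Join(String cleanPath, String internalPath) { clean = new Template(cleanPath); internal = new Template(internalPath); }
        Join where(String name, String allowedRegex) { constraints.put(name, Pattern.compile(allowedRegex)); return this; }
    }

    /** Strict percent-decoding of one segment: null for a truncated or malformed escape or for invalid UTF-8. */
    static String decodeSegment(String segment) {
        byte[] in = segment.getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < in.length; i++) {
            if (in[i] != '%') { out.write(in[i]); continue; }
            if (i + 2 >= in.length) return null;                                     // "%3" at the end
            int hi = Character.digit(in[i + 1], 16), lo = Character.digit(in[i + 2], 16);
            if (hi < 0 || lo < 0) return null;                                       // "%zz"
            out.write((hi << 4) | lo);
            i += 2;
        }
        try {   // REPORT mode: refuse invalid UTF-8 instead of silently substituting U+FFFD
            return StandardCharsets.UTF_8.newDecoder().decode(ByteBuffer.wrap(out.toByteArray())).toString();
        } catch (CharacterCodingException e) { return null; }
    }

    static final class Engine {
        final List<Join> joins = new ArrayList<>();
        final Map<String, String> moved = new HashMap<>();
        Engine join(Join j) { joins.add(j); return this; }
        Engine movedPermanently(String oldPath, String newPath) { moved.put(oldPath, newPath); return this; }

        /** Decide what to do with a request path before the application ever sees it. */
        Outcome inbound(String requestPath) {
            if (moved.containsKey(requestPath)) return new Outcome(301, moved.get(requestPath), Map.of());
            for (Join j : joins) {
                Matcher m = j.clean.pattern.matcher(requestPath);
                if (!m.matches()) continue;
                Map<String, String> params = new LinkedHashMap<>();
                for (int i = 0; i < j.clean.names.size(); i++) {
                    String name = j.clean.names.get(i), value = decodeSegment(m.group(i + 1));
                    Pattern allowed = j.constraints.get(name);
                    if (value == null || (allowed != null && !allowed.matcher(value).matches()))
                        return new Outcome(404, requestPath, Map.of());               // reject, never forward
                    params.put(name, value);
                }
                return new Outcome(200, j.internal.build(params), params);
            }
            return new Outcome(404, requestPath, Map.of());
        }
    }

    public static void main(String[] args) {
        Engine engine = new Engine()
            .join(new Join("/news/{post}/", "/news.xhtml?p={post}").where("post", "[a-z0-9-]{1,64}"))
            .join(new Join("/store/{category}/{item}", "/store.xhtml?c={category}&i={item}")
                .where("category", "[a-z0-9-]+").where("item", "[a-z0-9-]+"))
            .movedPermanently("/old-news/my-new-post", "/news/my-new-post/");          // constructed paths
        for (String path : List.of("/news/my-new-post/", "/store/kindle/touch", "/store/$attack-%3/begin",
                                   "/store/a%2Fb/c", "/old-news/my-new-post"))
            System.out.println(path + " -> " + engine.inbound(path));
    }
}
```

Run it with `java UrlRewriteDemo.java` (Java 16 or later). Decoding before validation is the important ordering: the whitelist is applied to the value the application would actually receive, and a malformed escape is a rejection in the filter rather than something left for the application or a lenient decoder to guess at. The internal .xhtml target never appears in the clean URL, which is the point slide 33 makes about not revealing the implementation.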
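Slides 62 to 65 describe the exchange for a bookmarked deep link in a client-side application: the browser sends HEAD /lincoln?org.ocpsoft.rewrite.history.ContextPath, the server answers 200 OK with a ContextPath header, and any bookmarked path is served the application so the client-side router can take over. The following is an added example, not the talk's or the Rewrite project's code, showing both halves of that exchange in plain Java with the JDK's built-in HttpServer. The probe parameter and header names are copied from slide 65; the port, the "/" context root, the view selection and the appRoute helper are assumptions, and the real project's wire format may differ in detail.

```java
// Added example, not code from the talk or from the OCPSoft Rewrite project. The probe
// parameter and response header names are taken from slide 65; the server is a stand-in
// built on the JDK's HttpServer, and the application root "/" and port are assumed.
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;

public class ContextPathDemo {
    static final String PROBE_PARAM = "org.ocpsoft.rewrite.history.ContextPath";  // query string on the slide
    static final String CONTEXT_HEADER = "ContextPath";                            // response header on the slide
    static final String CONTEXT_ROOT = "/";                                        // assumed deployment root

    /** Server side: answers the probe, and serves the application shell for every bookmarkable path. */
    static HttpServer start(int port) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", port), 0);
        server.createContext("/", ex -> {
            URI uri = ex.getRequestURI();
            if ("HEAD".equals(ex.getRequestMethod()) && PROBE_PARAM.equals(uri.getRawQuery())) {
                ex.getResponseHeaders().set(CONTEXT_HEADER, CONTEXT_ROOT);
                ex.sendResponseHeaders(200, -1);          // 200 OK, no body, the header carries the answer
                ex.close();
                return;
            }
            // A bookmark such as /lincoln/myproject arrives as a normal GET: inspect the path, pick the
            // view, and serve the shell; the client-side router finishes the job from the embedded path.
            String path = uri.getPath();
            String view = path.equals("/") ? "home" : path.startsWith("/login") ? "login" : "profile";
            byte[] body = ("<!doctype html><html><body data-view=\"" + view + "\" data-path=\""
                    + attr(path) + "\"></body></html>").getBytes(StandardCharsets.UTF_8);
            ex.getResponseHeaders().set("Content-Type", "text/html; charset=utf-8");
            ex.sendResponseHeaders(200, body.length);
            try (OutputStream os = ex.getResponseBody()) { os.write(body); }
        });
        server.start();
        return server;
    }

    /** Escape the request path before embedding it in an attribute: the URL is user input. */
    static String attr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /** Client side: HEAD <bookmarked path>?<probe>, then read the header, as drawn on the slide. */
    static String resolveContextPath(String base, String bookmarkedPath) throws IOException {
        HttpURLConnection c = (HttpURLConnection) URI.create(base + bookmarkedPath + "?" + PROBE_PARAM)
                .toURL().openConnection();
        c.setRequestMethod("HEAD");
        try {
            if (c.getResponseCode() != 200) throw new IOException("probe failed: " + c.getResponseCode());
            String ctx = c.getHeaderField(CONTEXT_HEADER);   // header lookup is case-insensitive
            if (ctx == null) throw new IOException("server did not answer the probe");
            return ctx;
        } finally { c.disconnect(); }
    }

    /** Strip the context root so the client router sees an application-relative route (assumed helper). */
    static String appRoute(String contextRoot, String path) {
        String root = contextRoot.endsWith("/") ? contextRoot.substring(0, contextRoot.length() - 1) : contextRoot;
        return path.startsWith(root + "/") ? path.substring(root.length()) : path;
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = start(8089);                       // constructed local port
        try {
            String ctx = resolveContextPath("http://127.0.0.1:8089", "/lincoln");
            System.out.println("context root: " + ctx + ", route: " + appRoute(ctx, "/lincoln"));
        } finally { server.stop(0); }
    }
}
```

Run it with `java ContextPathDemo.java`; the client prints the context root the server reported and the application-relative route derived from the bookmarked path. The path is HTML-escaped before it is embedded in the shell because a bookmarked URL is user input, the same point slide 40 makes, and answering the probe with a HEAD request keeps the client from having to guess at example.com/, example.com/lincoln or example.com/lincoln/lincoln as slide 64 asks.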