Home/ Questions/Q 626295
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T19:24:12+00:00

Seems like a stupid question to which the answer would be Don’t use encodeURL()!

  • 0

Seems like a stupid question to which the answer would be “Don’t use encodeURL()!” but I’m working with a codebase that uses netui anchor tags in the JSPs and I need to disable the writing of JSESSIONID into the URLs as it is a security risk.

In WebLogic, you can configure this by configuring url-rewriting-enabled in weblogic.xml (I know because I wrote that feature in the WebLogic server!). However, I can’t find an equivalent config option for Tomcat.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No setting comes to mind. But this is fairly easy to do by creating a first-entry Filter listening on the url-pattern of interest (maybe /* ?) and replaces the ServletResponse by a HttpServletResponseWrapper implementation where the encodeURL() returns the very same argument unmodified back.

    Kickoff example:

    public void doFilter(ServletRequest request, ServletResponse response) throws ServletException, IOException {
    chain.doFilter(request, new HttpServletResponseWrapper((HttpServletResponse) response) {
        public String encodeURL(String url) {
            return url;
        }
    });
}
    • 0