tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Jackson" <>
Subject RE: INSECURE to rely on sendRedirect (??)
Date Fri, 24 Jan 2003 18:24:56 GMT
Actually I use a MVC architecture, my controller has a "standard" model for
doing logins.  So I just change the look for the login page and change the
configuration file a little and I'm done.  Nearly 100% code reuse (if you
consider the relatively static login page to be code).  Since my system is
fast and easy I haven't seen the need to branch out into new things yet.

mike jackson

> -----Original Message-----
> From: Erik Price []
> Sent: Friday, January 24, 2003 10:20 AM
> To: Tomcat Users List
> Subject: Re: INSECURE to rely on sendRedirect (??)
> Mike Jackson wrote:
> >
> > So, in the end, I'm not clear on how filters work exactly
> (haven't needed to
> > use them yet), but when you're using the header type redirect
> you need to
> > make sure that you're not going to send back anything other than the
> > redirect.  If you do send something most clients will work properly, but
> > some won't.
> >
> Filters are like mini-servlets sort of, but they intercept a request for
> a resource and do something before passing the request along to the
> resource.  In my case, I wanted to call sendRedirect() from the filter,
> but it looks like that doesn't happen fast enough.  Using a return
> statement to terminate the doFilter() method call before it calls
> doFilterChain() seems to work though, as suggested by Tim Moore.
> The nice thing about a Filter is you can have one Filter mapped to every
> resource in the site, I'm not sure how you could get that with a regular
> servlet...
> Erik
> --
> To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message