tomcat-users mailing list archives

From "Mark R. Diggory" <mdigg...@latte.harvard.edu>
Subject Re: forwarding to j_security_check?
Date Tue, 15 Apr 2003 21:30:55 GMT
I guess what I'm suggesting is that you're sending a redirect response to 
the browser with the user's password parameterized in it. I also suspect 
it would be exposed on the address bar if you stop the redirect from 
occurring. This is exposing the user's password over the network (possibly 
after working very hard to secure it with digest and SSL) and is not a 
very secure thing to do. This is why I was looking for a forwarding 
strategy that would stay within the server itself.

Thanks for checking it out though :-)
-Mark

Raible, Matt wrote:

>I don't believe so, let me check my history.  
>
>Nope.  
>
>Matt
>
>  
>
>>-----Original Message-----
>>From: Mark R. Diggory [mailto:mdiggory@latte.harvard.edu]
>>Sent: Tuesday, April 15, 2003 3:10 PM
>>To: Tomcat Users List
>>Subject: Re: forwarding to j_security_check?
>>
>>
>>Yes, it does, but you expose the user's password in the browser history,
>>don't you?
>>
>>-Mark
>>
>>Raible, Matt wrote:
>>
>>    
>>
>>>This works in Tomcat 4.1.x
>>>
>>>String route = "j_security_check?j_username=" + username
>>>                       + "&j_password=" + password;
>>>
>>>response.sendRedirect(response.encodeRedirectURL(route));
>>>
>>> 
>>>
>>>      
>>>
>>>>-----Original Message-----
>>>>From: Mark R. Diggory [mailto:mdiggory@latte.harvard.edu]
>>>>Sent: Tuesday, April 15, 2003 2:49 PM
>>>>To: Tomcat Users List
>>>>Subject: forwarding to j_security_check?
>>>>
>>>>
>>>>Question:
>>>>
>>>>I'd like to be able to forward a request to "j_security_check" from a
>>>>Servlet. Is this possible? I know it's a Valve, I'm struggling with a way
>>>>to make a forward request to a resource that will activate the valve.
>>>>
>>>>-Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
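
An added example, not part of the original thread or of Tomcat's own code: the in-server login Mark asks for, written against HttpServletRequest.login() from Servlet 3.0, an API that postdates the Tomcat 4.1.x discussed here. The class name, the "/home" target and the javax.servlet namespace (Tomcat 7 to 9) are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the class name and the "/home" target are assumptions.
public class InContainerLoginServlet extends HttpServlet {

    // The approach quoted in the thread builds a URL that carries the password:
    //   "j_security_check?j_username=" + username + "&j_password=" + password
    // and passes it to response.sendRedirect(), so the credentials travel back
    // to the browser in the Location header and can land in its history.

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Handled in doPost so the login form submits credentials in the request body.
        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // login() throws if a caller identity is already established, so skip it then.
        if (request.getUserPrincipal() == null) {
            try {
                // Servlet 3.0: the container validates the credentials against the
                // web application's configured realm; nothing is sent to the browser.
                request.login(username, password);
            } catch (ServletException e) {
                // Credentials rejected, or the login mechanism does not accept
                // username/password authentication.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        }

        // The redirect target is fixed and carries no credentials.
        response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + "/home"));
    }
}
```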

