Message-ID: <3E9C7A0F.5080202@latte.harvard.edu>
Date: Tue, 15 Apr 2003 17:30:55 -0400
From: "Mark R. Diggory"
To: Tomcat Users List
Subject: Re: forwarding to j_security_check?

I guess what I'm suggesting is that you're sending a redirect response to the browser with the user's password parameterized in it. I also suspect it would be exposed on the address bar if you stop the redirect from occurring. This is exposing the user's password over the network (possibly after working very hard to secure it with digest and SSL) and is not a very secure thing to do. This is why I was looking for a forwarding strategy that would stay within the server itself.

Thanks for checking it out though :-)

-Mark

Raible, Matt wrote:

> I don't believe so, let me check my history.
>
> Nope.
>
> Matt
>
>> -----Original Message-----
>> From: Mark R. Diggory [mailto:mdiggory@latte.harvard.edu]
>> Sent: Tuesday, April 15, 2003 3:10 PM
>> To: Tomcat Users List
>> Subject: Re: forwarding to j_security_check?
>>
>> Yes, it does, but you expose the user's password in the browser history,
>> don't you?
>>
>> -Mark
>>
>> Raible, Matt wrote:
>>
>>> This works in Tomcat 4.1.x
>>>
>>> String route = "j_security_check?j_username=" + username
>>>     + "&j_password=" + password;
>>>
>>> response.sendRedirect(response.encodeRedirectURL(route));
>>>
>>>> -----Original Message-----
>>>> From: Mark R. Diggory [mailto:mdiggory@latte.harvard.edu]
>>>> Sent: Tuesday, April 15, 2003 2:49 PM
>>>> To: Tomcat Users List
>>>> Subject: forwarding to j_security_check?
>>>>
>>>> Question:
>>>>
>>>> I'd like to be able to forward a request to "j_security_check" from a
>>>> Servlet. Is this possible? I know it's a Valve, I'm struggling with a way
>>>> to make a forward request to a resource that will activate the valve.
>>>>
>>>> -Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
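
The redirect discussed in this thread makes the browser issue a GET with `j_password` in the query string, so besides the address bar and history the password also lands in the request line of the server's access log. The Python sketch below is an added example, not code from the thread: it scans access-log lines for that pattern, redacts the value, and lists the accounts whose passwords were logged. The log lines are constructed samples in Common Log Format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SENSITIVE = {"j_password"}

# Constructed sample lines in Common Log Format (not from the original thread).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Apr/2003:17:28:57 -0400] "GET /app/j_security_check?j_username=alice&j_password=s3cr3t%21 HTTP/1.1" 302 -',
    '10.0.0.5 - - [15/Apr/2003:17:28:58 -0400] "POST /app/j_security_check HTTP/1.1" 302 -',
    '10.0.0.7 - - [15/Apr/2003:17:29:10 -0400] "GET /app/index.jsp?page=2 HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, leaked_user) for one request target.
    leaked_user is None when no password parameter is in the query string."""
    parts = urlsplit(target)
    if not parts.path.endswith("/j_security_check"):
        return target, None
    params = parse_qsl(parts.query, keep_blank_values=True)
    if not any(key in SENSITIVE for key, _ in params):
        return target, None  # credentials sent in a POST body never reach this field
    user = dict(params).get("j_username", "")
    cleaned = [(k, "REDACTED" if k in SENSITIVE else v) for k, v in params]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), user

def scan(lines):
    """Redact logged passwords and collect the accounts that were exposed."""
    redacted, exposed = [], []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            target, user = redact_target(match.group("target"))
            if user is not None:
                exposed.append(user)
                line = line[:match.start("target")] + target + line[match.end("target"):]
        redacted.append(line)
    return redacted, exposed

if __name__ == "__main__":
    cleaned_lines, users = scan(SAMPLE_LOG)
    print("\n".join(cleaned_lines))
    print("passwords to reset:", users)
```

Every account it reports should have its password reset, since redacting the log does not undo copies already held in browser history or intermediary logs.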