tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Hadden" <ahad...@authentica.com>
Subject RE: response.sendRedirect
Date Fri, 05 Sep 2003 18:55:17 GMT
The one thing you want to watch out for with relative redirects is that they're converted by
the servlet container to absolute URLs (this is in the servlet spec).  This is, by the letter
of the HTTP spec, the correct thing to do.  Unfortunately, it can cause problems in deployments
where an proxying SSL accelerator is used.  These are proxies that take HTTPS requests and
convert them to HTTP requests, handling all the SSL crypto stuff in the process (this technique
is used in some high-volume deployments where SSL is required...the SSL stuff can be done
in hardware).

Consider the following:

- browser requests https://visibleserver/a.jsp
- a proxy SSL accelerator does the SSL processing, then forwards the 
  request via standard HTTP to http://realserver/a.jsp
- the web application does some processing, followed by a 
  response.sendRedirect("b.jsp"), which the servlet 
  container trainslates to http://realserver/b.jsp.  
  This is probably not what the programmer intended

There are a couple of things you can do to solve this problem:

* Change all sendRedirect calls to use absolute URLs.  This implies that you know the absolute
URL...it'd have to be a parameter to the web application, or something.

OR

* Implement your own sendRedirect method that sends the relative URL to the browser.  This
does not adhere to the HTTP spec, but all the browsers I tested seem to handle it fine (I've
read elsewhere that this was the case too).

Anyway, this probably isn't an issue for most people.  If you have a commercial application
and can't control the deployment, you should at least consider this, though.

Allen

> -----Original Message-----
> From: Christopher Williams [mailto:ccwilliams3@ntlworld.com] 
> Sent: Friday, September 05, 2003 2:22 PM
> To: Tomcat Users List
> Subject: Re: response.sendRedirect
> 
> 
> Say you're accessing pages on localhost, so your URLs take the form
>     http://localhost:8080/war-file/jsp-file
> then the servlet container root is http://localhost:8080/ and 
> a redirect to
> "/another-war-file/another.jsp" would be a redirect to:
>     http://localhost:8080/another-war-file/another.jsp
> 
> In sendRedirect, I'm fairly sure that you simply use 
> "/cal/form/index.jsp".
> That sort of pattern always works for my webapps.
> 
> ----- Original Message ----- 
> From: "Charlie Toohey" <ctoohey@pacbell.net>
> To: <tomcat-user@jakarta.apache.org>
> Sent: Friday, September 05, 2003 7:07 PM
> Subject: response.sendRedirect
> 
> 
> > The Servlet API doc for the sendRedirect method states:
> >
> > "....If the location is relative with a leading '/' the container
> interprets
> > it as relative to the servlet container root....."
> >
> > I've looked thru the Servlet Spec and can not quite figure 
> out what they
> mean
> > by servlet container root ? Is this a typo and supposed to 
> be servlet
> context
> > root ? Or is there really such a thing as the servlet 
> container root, and
> if
> > so, what is it ?
> >
> > e.g. if my context path is "/cal" and I want to redirect to
> > "/cal/form/index.jsp", what would I use in sendRedirect ?
> > (I know I could do a forward, but want to redirect in my situation)
> >
> > Thanks,
> > Charlie
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

Mime
View raw message