tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Redirecting from unprotected resource to a protected one
Date Fri, 02 Nov 2012 16:21:54 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lyallex,

On 11/2/12 9:43 AM, Lyallex wrote:
> When I have validated the data I want to forward to a protected
> resource like this
> 
> forwardTarget = "/account/accountView.jsp";
> 
> RequestDispatcher rd = 
> getServletContext().getRequestDispatcher(forwardTarget); 
> rd.forward(request, response);
> 
> What I was hoping would happen is that the user would be required
> to login but we get to the protected resource without the login
> screen appearing. I realise that I am forwarding an existing
> (unauthenticated) request
> 
> I could simply redirect to an 'account created log in now page' but
> that's a bit naff.

The problem is that you are doing a forward and not a redirect.

> Is it possible to redirect to a protected resource from an
> unprotected one ?

Yes, but you have to actually do a redirect. Using "forward" allows
you to bypass security constraints.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCT8yIACgkQ9CaO5/Lv0PD34gCgssVhb7VtGtS+GFaDQ/lYkO/6
hsUAoL43K5N4d87hx4zZG/twED9hJhaC
=HWNf
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message