tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [OT] Accessing HREF Target from Servlet
Date Sat, 29 Jun 2013 15:29:27 GMT
George S. wrote:
> I have a question. I'm doing some oAuth stuff, and the remote site is 
> redirecting me to:
> 
> my_url.html#something=blah&other_thing=blah-blah
> 
> I can see this is the url in the redirect of my browser bar.
> 
> What I can't figure out is how to access the part of the URL after the 
> pound sign. I've tried getRequestURI(), getPathInfo(), getServletPath(), 
> getPathTranslated(), and nothing is working. Also, the elements are 
> (correctly) not showing up in the parameters collection.
> 
> How can I get that part of the URL from inside a servlet?
> 

Hi.
Apart from the answers you already got, and because I am curious :
You seem to say above that this is part of some "Auth" stuff, so I have 2 questions about

that :

1) Why would you need to access that part after the "#" for Auth stuff ?
Intuitively, the part after the "#" is inside of a page. So if access to the page is 
already granted/forbidden by the Auth stuff, the part inside of the page should not matter.

2) you also mention (later) that you will be using Javascript to solve the issue.
That means that by the time the Javascript is executed, the page is already in the 
browser.  From a security point of view, anything that is already in the browser can be 
saved by the user, modified, loaded again and submitted to the server.
So is there not a risk here in doing something with Javascript ?

Just being curious, and I can live without the answers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message