aspose file tools*
The moose likes Servlets and the fly likes Manipulating POST parameters Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Manipulating POST parameters" Watch "Manipulating POST parameters" New topic
Author

Manipulating POST parameters

Michael Mendelson
Ranch Hand

Joined: Dec 19, 2000
Posts: 73
Hello, Gang! Thanks in advance for your help.
I'm writing a single-login "portal" servlet that will accept a user's login, and then provide access to various 3rd-party web-based resources.
Most of these 3rd-party resources require a login name and password, and I would like the end user not to see that.
Some of the 3rd-party logins accept a GET statement, and for those it's just a matter of issuing a sendRedirect(url) and tacking the paraameters on the end of the url. No problem so far.
Other 3rd-party logins require a POST. This is more of a problem. How do I add the appropriate POST parameters to the end user's request, and redirect them to the appropriate url with authentication?
Thanks,
Michael
[ June 17, 2002: Message edited by: Michael Mendelson ]
Maulin Vasavada
Ranch Hand

Joined: Nov 04, 2001
Posts: 1871
hi
use JavaScript.
-prepare an appropriate FORM and fill in the correct values.
-write method=post and appropriate action in the form tag
-onLoad method of body tag submit the form.
it shd work.
regards
maulin.
Michael Mendelson
Ranch Hand

Joined: Dec 19, 2000
Posts: 73
Thanks, Maulin.
This is an excellent idea and I may end up doing it. However, the key here is that I would much prefer to keep the usernames and passwords of the 3rd-party accounts hidden.
But it seems that from the server side, it is not straight-forward to manipulate the HttpServletRequest and pass it on to another url.
Perhaps there is some other way?
Or perhaps this is a deliberate oversight on the part of Sun, for security reasons?
Pho Tek
Ranch Hand

Joined: Nov 05, 2000
Posts: 761

Have you considered servlet filters ? Before the form is posted to your controller servlet, add you 3rd party stuff in the filter.
Pho


Regards,

Pho
Michael Mendelson
Ranch Hand

Joined: Dec 19, 2000
Posts: 73
Well Pho, what I really need is an "intelligent redirect."
How would filtering help, given the way the request object works? Can you give an example?
Thanks.
Mandy Smith
Ranch Hand

Joined: Jun 26, 2001
Posts: 62
Can you not put what ever the values you want into session? I don't know exactly what you are actually doing.
Just my thought.
Michael Mendelson
Ranch Hand

Joined: Dec 19, 2000
Posts: 73
Perhaps it's not clear what I'm doing. I'm accepting a single login from the user, and in turn, redirecting them to their choice of "other resources".
Just to give you a more concrete idea, the product is a "virtual library" and the resources are card catalogs, full text periodicals, a dictionary service, etc.
These resources are web sites run by other companies (with whom we have a cooperative agreement), and can be anywhere. A number of our users (or in some cases ALL of them) share a single login on one of their systems.
They each have their own login routines ("remote logins"), and some require a POST.
I want these "remote logins" to be transparent to the end users. In fact, they should not even see what the remote username and password are. The reason is that if their subscription runs out with our service, they should not be allowed to access them directly by bookmarking (as in a GET, where parameters are in the url).
So on the main page of our system, I want the user to be able to click on "dictionary" and "magically" be logged into the dictionary site. To do this, I need to manipulate the HttpServletRequest object that they submitted to my servlet, and redirect them WITH POST parameters - something that doesn't seem possible using "standard" java.
Is this a little more clear?
Mandy Smith
Ranch Hand

Joined: Jun 26, 2001
Posts: 62
I did not quite clearly understand what you are trying to do. So i am not sure how to do in your case. Can u not put the parameters into the outputstream? So that the other application can get this either using a Get method or using a Url connection...
for eg something like this.
ServletOutputStream out = res.getOutputStream();
out.println("" + login)
.
..
Just my thought.
Michael Mendelson
Ranch Hand

Joined: Dec 19, 2000
Posts: 73
I told Maulin I would post this...
I will try this tomorrow and follow up.

> what i think is if u do the stuff i suggested u r
> never going to see the "intermediate" page that
> actually had the FORM and Hidden Parameters for User,
> Password.
>
> what i mean is say u have following files,
> 1. loginServlet -- displaying the loginpage
> 2. singlelogon.jsp -- that has FORM having hiddent
> username,password field and in body tag u have onLoad
> = submit the form.
>
> 3. newpage.whatever.. -- the actual page u won display
> after u logon to a particular destination server
> seamlessly...
>
> now, when u pass reqeust having username, password (of
> course after the authentication) to the
> singlelogon.jsp that jsp will get loaded, will fill in
> the form info from requestParameters and then
> immediately will submit FORM to the 3rd page (as we
> have onLoad submit).. so u won't EVER see 2nd page in
> ur browser. will u? try it and let me know...i did
> soemthing like this and it worked for me for good..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Manipulating POST parameters
 
Similar Threads
Unable to edit http://faq.javaranch.com/... pages
Single sign on for multiple webapps
Disabling cookies
can we add or remove a form attribute by javascript ?
[B]Urgent : HttpsURLConnection[/B]