hi reshmi.. i donno what excetly you want to do.. but one way to call a servlet of different web application is giving the absolute web address in the sendRedirect like below..
this will force the browser to call the servlet.. but if you mean that u want to share a piece of data among two web-applications in same server then i think that's not possible hope this helps you.. Thanks Amit
****************************<br />In 24 hrs Earth rotates once on its Axis.
You can use servletContext.getContext(String uripath).
This method allows servlets to gain access to the context for various parts of the server, and as needed obtain RequestDispatcher objects from the context. The given path must be begin with "/", is interpreted relative to the server's document root and is matched against the context roots of other web applications hosted on this container.
In a security conscious environment, the servlet container may return null for a given URL. In Tomcat you can use some configuration file to allow the communication if the container does not allow it.
Yes, there are security concerns doing direct communication between web applications (as opposed to sendRedirect or posting between them), but there are often other vendor specific problems too. When we tried to achieve this once to allow us to .include a jsp from another context, they occured in difference threads and we couldn't control where the jsp was included. In practice I'm not sure it's a very good idea. Dave
Since both the applications are running in the same container I was just wondering what security issues could come up?
Just because two Web applications run on the same sever (same container) does not mean that they are developed by the same people and want to share data arbitrarily. For example, I teach a JSP/servlet class in the Johns Hopkins University part-time graduate program in Computer Science. We use Tomcat, and each student has their own Web app (mapped to http://hostname/~userID/, in fact). One student shouldn't be able to change/delete entries in another student's ServletContext, so we have this disabled. Whether myServletContext.getContext(contextPath) returns null or not depends on the container settings -- in Tomcat you get null unless server.xml specifies crossContext="true" for the app or for DefaultContext. Cheers- - Marty
Java training and consulting<br /><a href="http://www.coreservlets.com/" target="_blank" rel="nofollow">http://www.coreservlets.com/</a>
Ko Ko Naing
Joined: Jun 08, 2002
Originally posted by Marty Hall:
For example, I teach a JSP/servlet class in the Johns Hopkins University part-time graduate program in Computer Science. We use Tomcat, and each student has their own Web app (mapped to http://hostname/~userID/, in fact). One student shouldn't be able to change/delete entries in another student's ServletContext, so we have this disabled.
I think that is a very good example about the security issue among different web apps... Since you are an experienced instructor, it's a piece of cake for you to provide such example for someone else...