Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Servlet Forward Command

 
Ron Graham
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you forward from one servlet to another, is there a way to remove parameters from the HTTP request object? For example, you have a login servlet that after authentication forwards on to an application servlet. How do I remove the id and password input parameters from the request so they do not sent forward?
 
Frank Carver
Sheriff
Posts: 6920
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm sure I just answered a question very like this in this other thread.
 
Darryl Failla
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So the information is actually being sent, but access by the second servlet is denied? If so, what guarantees the security?
 
Frank Carver
Sheriff
Posts: 6920
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The Java object model, I guess.
If you really don't trust another servlet in the same application, then you should do a browser-redirect instead of a forward. It's a bit slower an clumsier, but that way there is a completely different request with completely different parameters.
But may I ask why you think this might be a problem? The "destination" servlet is part of the same application as the "login" one, so anything the login code can do, so can the other servlet.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic