Servlet Forward Command

Ron Graham

Joined: Jan 30, 2004
Posts: 2
When you forward from one servlet to another, is there a way to remove parameters from the HTTP request object? For example, you have a login servlet that after authentication forwards on to an application servlet. How do I remove the id and password input parameters from the request so they are not sent forward?
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
I'm sure I just answered a question very like this in this other thread.

Read about me at ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Darryl Failla
Ranch Hand

Joined: Oct 16, 2001
Posts: 129
So the information is actually being sent, but access by the second servlet is denied? If so, what guarantees the security?

Darryl Failla
Sun Certified Java 2 Programmer
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
The Java object model, I guess.
If you really don't trust another servlet in the same application, then you should do a browser-redirect instead of a forward. It's a bit slower and clumsier, but that way there is a completely different request with completely different parameters.
But may I ask why you think this might be a problem? The "destination" servlet is part of the same application as the "login" one, so anything the login code can do, so can the other servlet.
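The two options discussed in this thread, as an added example that is not part of any poster's code: a redirect, which makes the browser issue a fresh request, and a forward that hands the target a filtered view of the same request. The class names, the `/app` path, the `user` session attribute and the abstract `authenticate` method are assumptions, and the code assumes the `javax.servlet` 3.0+ API.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Hypothetical login servlet (added example); "/app" and authenticate() are assumptions.
public abstract class LoginServlet extends HttpServlet {
    private static final boolean USE_REDIRECT = false; // true = browser redirect

    /** The application's own credential check (not shown in the thread). */
    protected abstract boolean authenticate(String id, String password);

    /** Request view that hides the named parameters from every parameter accessor. */
    static class HidingRequest extends HttpServletRequestWrapper {
        private final Map<String, String[]> visible;

        HidingRequest(HttpServletRequest req, Set<String> hidden) {
            super(req);
            Map<String, String[]> copy = new HashMap<>(req.getParameterMap());
            copy.keySet().removeAll(hidden);
            visible = Collections.unmodifiableMap(copy);
        }
        @Override public String getParameter(String name) {
            String[] v = visible.get(name);
            return (v == null || v.length == 0) ? null : v[0];
        }
        @Override public String[] getParameterValues(String name) { return visible.get(name); }
        @Override public Map<String, String[]> getParameterMap() { return visible; }
        @Override public Enumeration<String> getParameterNames() {
            return Collections.enumeration(visible.keySet());
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String id = req.getParameter("id");
        if (!authenticate(id, req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.getSession(true).setAttribute("user", id); // identity travels in the session
        if (USE_REDIRECT) {
            // New request from the browser: it never carried id/password.
            resp.sendRedirect(req.getContextPath() + "/app");
        } else {
            // Same request object underneath; the target sees only the filtered view.
            Set<String> hidden = new HashSet<>(Arrays.asList("id", "password"));
            req.getRequestDispatcher("/app").forward(new HidingRequest(req, hidden), resp);
        }
    }
}
```

The wrapper keeps credentials out of code that iterates or logs request parameters, but the target can still call `getRequest()` on it to reach the original request, so it is not a barrier between servlets of the same application. Only the redirect produces a request that never contained the parameters.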