aspose file tools*
The moose likes Servlets and the fly likes Servlet Forward Command Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet Forward Command" Watch "Servlet Forward Command" New topic
Author

Servlet Forward Command

Ron Graham
Greenhorn

Joined: Jan 30, 2004
Posts: 2
When you forward from one servlet to another, is there a way to remove parameters from the HTTP request object? For example, you have a login servlet that after authentication forwards on to an application servlet. How do I remove the id and password input parameters from the request so they do not sent forward?
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
I'm sure I just answered a question very like this in this other thread.


Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Darryl Failla
Ranch Hand

Joined: Oct 16, 2001
Posts: 129
So the information is actually being sent, but access by the second servlet is denied? If so, what guarantees the security?


Darryl Failla
Sun Certified Java 2 Programmer
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
The Java object model, I guess.
If you really don't trust another servlet in the same application, then you should do a browser-redirect instead of a forward. It's a bit slower an clumsier, but that way there is a completely different request with completely different parameters.
But may I ask why you think this might be a problem? The "destination" servlet is part of the same application as the "login" one, so anything the login code can do, so can the other servlet.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Servlet Forward Command