my dog learned polymorphism*
The moose likes Servlets and the fly likes Servlet Forward Command Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet Forward Command" Watch "Servlet Forward Command" New topic
Author

Servlet Forward Command

Ron Graham
Greenhorn

Joined: Jan 30, 2004
Posts: 2
When you forward from one servlet to another, is there a way to remove parameters from the HTTP request object? For example, you have a login servlet that after authentication forwards on to an application servlet. How do I remove the id and password input parameters from the request so they do not sent forward?
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
I'm sure I just answered a question very like this in this other thread.


Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Darryl Failla
Ranch Hand

Joined: Oct 16, 2001
Posts: 128
So the information is actually being sent, but access by the second servlet is denied? If so, what guarantees the security?


Darryl Failla
Sun Certified Java 2 Programmer
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
The Java object model, I guess.
If you really don't trust another servlet in the same application, then you should do a browser-redirect instead of a forward. It's a bit slower an clumsier, but that way there is a completely different request with completely different parameters.
But may I ask why you think this might be a problem? The "destination" servlet is part of the same application as the "login" one, so anything the login code can do, so can the other servlet.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Servlet Forward Command
 
Similar Threads
POST form data from Servlet to JSP
Call servlet from action class
Servlet Spec question
request
session variable problem, please help