I am using response.sendRedirtect(), to call a servlet which is on another webapp. The problem here is that the URL is exposed to the end user.
I need to call Servlet2 from Servlet1. Servlet2 is on a different webapp.
I need to call Servlet2 by passing username and password in the URL, the values of which I will be using to authenticate and on authentication will populate the session.
I don't want the username/password values to be exposed to the user.
I tried using RequestDispatcher but the same gave problems while using the session created from the request. I could invoke the doGet() of Servlet2 and I could create, populate the session and could also generate a form. On submission of the form which calls the doPost() of Servlet2, the session is found to be invalid.
I am not facing the above session invalid problem when I am using response.sendRedirect() while I call Servlet2 from Servlet1.
Please help me solve this problem.
Thanks, Sreeni [ May 17, 2006: Message edited by: sreeni san ]
Joined: Mar 27, 2003
Are your two Web applications deployed to the same container (i.e. in the same J2EE server instance on the same server)? If so, unless there are security restrictions preventing you from doing this, RequestDispatcher obtained for a foreign context should sort it for you.
In fact, if your applications are in the same container, using declarative container-managed security will give you access to single sign-on; all the credentials of the client will be maintained across all Web applications (so they actually only have to login once).
Charles Lyons (SCJP 1.4, April 2003; SCJP 5, Dec 2006; SCWCD 1.4b, April 2004)
Author of OCEJWCD Study Companion for Oracle Exam 1Z0-899 (ISBN 0955160340 / AmazonAmazon UK )
Joined: Mar 22, 2005
In Tomcat, you would need to set the "privileged" attribute of the webapp declaration to "true" for this to work. By default it's false.