This week's book giveaway is in the Agile and other Processes forum.
We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Servlet Security Question Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "Servlet Security Question" Watch "Servlet Security Question" New topic
Author

Servlet Security Question

Tyronne Fernando
Ranch Hand

Joined: May 11, 2008
Posts: 50
posted private message
0
Quote
Lets say there are two servlets A and B. A user has authority to access servlet A, but not to servlet B. But, sevlet A forward the request to servlet B through request dispatcher.

What happens if the user access servlet A? Will he get an Authorization error on servlet A?

I like to know some of your thoughts on this. Thanks in advance.
Surajsingh Thakur
Ranch Hand

Joined: Sep 09, 2008
Posts: 124

I like...
Eclipse IDE MySQL Database Tomcat Server
posted private message
0
Quote
Well i feel the user who access servlet A can go to servletB via servlet A...
But not directly to Servlet B because of authorization constraints...

BE (Computer Science) SCJP 4 (80%) SCWCD 5 (97%) IBM CAD(98%) IBM CAppD(100%) IBM SD(100%)
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

I like...
Eclipse IDE Java Windows XP
posted private message
0
Quote
Originally posted by Surajsingh Thakur:
Well i feel the user who access servlet A can go to servletB via servlet A...
But not directly to Servlet B because of authorization constraints...



yes
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Servlet Security Question
 
Similar Threads
A Mock Question
Hack proofing JSP
SingleThreadModel
encodeURL() purpose and best place to use
Preventing direct access to a redirected page