This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Servlet Security Question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Servlet Security Question" Watch "Servlet Security Question" New topic
Author

Servlet Security Question

Tyronne Fernando
Ranch Hand

Joined: May 11, 2008
Posts: 50
Lets say there are two servlets A and B. A user has authority to access servlet A, but not to servlet B. But, sevlet A forward the request to servlet B through request dispatcher.

What happens if the user access servlet A? Will he get an Authorization error on servlet A?

I like to know some of your thoughts on this. Thanks in advance.
Surajsingh Thakur
Ranch Hand

Joined: Sep 09, 2008
Posts: 124

Well i feel the user who access servlet A can go to servletB via servlet A...
But not directly to Servlet B because of authorization constraints...



BE (Computer Science) SCJP 4 (80%) SCWCD 5 (97%) IBM CAD(98%) IBM CAppD(100%) IBM SD(100%)
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by Surajsingh Thakur:
Well i feel the user who access servlet A can go to servletB via servlet A...
But not directly to Servlet B because of authorization constraints...



yes
 
Consider Paul's rocket mass heater.
 
subject: Servlet Security Question
 
Similar Threads
encodeURL() purpose and best place to use
Preventing direct access to a redirected page
Hack proofing JSP
A Mock Question
SingleThreadModel