i should have to send the value like username from one application to other application which are running in same server.i am redirecting to other application using response.sendRedirect(url) if i am adding the username at the end of url it is revealing the username in the url and using request scope its not possible so how can i do that?
yeah i am trying to implement sso for my application......
i m just redirecting to my application jsp page from other application jsp page using the following code
so its being displayed in URL along with value and there is no sharing database...
How can i implement this? My thought is that i will encrypt the username value in source end and decrypt in destination end so that it wont be revealed...
Do you suggest this?
Aim: How can i get the value from one webapplication to other webapplication either using objects like request,response,session and application or in different way?
Joined: May 13, 2010
I dont understand why you can not get the value from the url really but...
please try JSTL redirect and request the value in the destiny page with JSTL too.
May be this work. Also would be fine if you can show a piece of you code.
Joined: Oct 13, 2008
i think that it will not work....
As per my knowledge if we redirect to new webapplication i.e new request so that container will create new request and response objects...
I did not mean to POST it through sendRedirect.. I meant that you can POST to servlet/jsp by other means. afterall its a HTTP request and you can use other means, for eg, HTTP Post. I had not tried this personally before, so would be glad to know the results if it works for you.
Kumar Raja wrote:I did not mean to POST it through sendRedirect.. I meant that you can POST to servlet/jsp by other means. afterall its a HTTP request and you can use other means, for eg, HTTP Post. I had not tried this personally before, so would be glad to know the results if it works for you.
POST isn't any more secure than GET. You still end up sending the username over the network, and you're still vulnerable to someone altering the request to change the username to whatever they wish.
The only way I can see to do this securely is through some sort of shared persistence between the web application contexts. This could be a database, a datafile, Kerberos server, etc. The browser can't be the ONLY way your two web applications communicate, or it's only going to be as secure as that browser.
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower