By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,636 Members | 1,213 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,636 IT Pros & Developers. It's quick & easy.

Distribute jsp session web application

P: n/a
Hi everybody,
I explain my problems:

Question 1:

I need to integrate 2 web applications which runs in 2 different
machine server (JBoss) in order to navigate them inside common session,
with some sessionID or something like that.

So, the scenario is:

webApp1 -----> WServer1(https)
webApp2 -----> WServer2(http)

When from webApp1 I call with link the webApp2, I need by some way to
tell webApp2 that only webApp1 is authorized to go on.
The problem is that when I switch from https to http, the "url-referer"
being lost and webApp2 can't recognize the caller!!!

Anybody has some suggestions on how to fix it?

Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???

Many many thanks in advance!!!

Oct 15 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
On Sat, 15 Oct 2005 09:23:57 -0700, ocean2005 wrote:
Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
then use it in a new window browser to navigate on site without has been
authenticated???


You probably want to use a ticket there.

Sincerely,
Joachim

Oct 15 '05 #2

P: n/a

oc*******@hotmail.it wrote:

Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???

First of all, never, never, show the password on a URL string. Avoid
username too. Pass them along as session attributes. your second
question automatically gets taken care of.

Oct 17 '05 #3

P: n/a

"HalcyonWild" <Ha**********@gmail.com> wrote in message
news:11*********************@g44g2000cwa.googlegro ups.com...

oc*******@hotmail.it wrote:

Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???

First of all, never, never, show the password on a URL string. Avoid
username too. Pass them along as session attributes. your second
question automatically gets taken care of.


As a general rule of thumb, you should ask yourself "Should I allow my
users to share this link or otherwise bookmark it?" if so, then use GET
attributes as in the example above. Otherwise, use POST or a Session object
as Halcyon advises.

It may occasionally make sense to allow the username to appear in the
query string; e.g. http://mysite.com/profile.jsp?username=Oliver if you want
to let your users give their friends a direct link to their profile.

- Oliver
Oct 17 '05 #4

P: n/a
oc*******@hotmail.it wrote:
[...]
Question 1:
[...]
Java != JavaScript
Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???
Use POST requests instead of GET. This is off-topic all crossposted
groups but alt.websites as well.
Many many thanks in advance!!!


Your Exclamation Mark key is broken.
PointedEars, F'up2 to the only crossposted group I have subscribed
Oct 18 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.