DO NOT REPLY [Bug 9772] - RequestDispatcher.forward(resource) does not perform necessary checks
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772 RequestDispatcher.forward(resource) does not perform necessary checks --- Additional Comments From [EMAIL PROTECTED] 2002-06-13 07:22 --- Because the spec (even if only since 2.3) tells that no checking has to be performed the implemented behavior is OK for me. Status can be changed to WONTFIX (or another appropiate value). -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 9772] - RequestDispatcher.forward(resource) does not perform necessary checks
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772 RequestDispatcher.forward(resource) does not perform necessary checks [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||INVALID -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 9772] - RequestDispatcher.forward(resource) does not perform necessary checks
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772 RequestDispatcher.forward(resource) does not perform necessary checks [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|DUPLICATE | --- Additional Comments From [EMAIL PROTECTED] 2002-06-12 11:30 --- Not checking security constraints on forwarded requests is part of the servlet spec. Where? Checked Servlet 2.2 and 2.3 spec and could not find such a documentation. Anyway: there is also NO spec which tells that a check must be performed, but security-constraints without checking do not make real sense. Also all other servlet-containers to perform a checking within their forward() method. If forward() does not need to perform security checks: how can I redirect the configured (form-based) login-page to the browser? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 9772] - RequestDispatcher.forward(resource) does not perform necessary checks
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772 RequestDispatcher.forward(resource) does not perform necessary checks --- Additional Comments From [EMAIL PROTECTED] 2002-06-12 15:57 --- Java Servlet Specification Version 2.3 SRV.12.2 Declarative Security The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include. The theory is that 2.3 is a clarification of 2.2 when they address the same issues. You can do an HTTP redirect over to the security page instead of using an internal forward. (Is this really a duplicate of 5722 Forward to a page that have no extension displays a blank page?) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 9772] - RequestDispatcher.forward(resource) does not perform necessary checks
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772 RequestDispatcher.forward(resource) does not perform necessary checks [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2002-06-11 18:00 --- Not checking security constraints on forwarded requests is part of the servlet spec. *** This bug has been marked as a duplicate of 5722 *** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]