Hi Tony,
Here's in short how I would do it:
{
.
.
.
URL url = new URL( portal.url );
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setDoInput( true );
connection.setDoOutput( true );
connection.setUseCaches( false );
// set authorization property only if authorization string is non-empty
if ((m_sAuthorization != null) && (m_sAuthorization.length() > 0))
connection.setRequestProperty("Authorization", m_sAuthorization);
// Send the request for information
String request = param1 + '=' + value1
+ '&' + param2+ '=' + value2 etc.
// push the request accross the wire between the two servlets
OutputStreamWriter out = new
utputStreamWriter( connection.getOutputStream());
out.write( request );
out.close();
// read response from the other servlet
BufferedReader dI = new BufferedReader(new
nputStreamReader( connection.getInputStream()));
// here you have to figure out if you managed to get through or not
???
// do redirect now
response.sendRedirect (OriginalURL);
}
catch( Exception e )
{
e.printStackTrace();
}
.
.
.
----- Original Message -----
From: "Tony Dahbura" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, December 29, 2002 6:51 PM
Subject: Re: circumnavigating security in commercial application
It is the post of the data, and respond with the redirect that I am not sure
how to do. I would assume the login (original) servlet is going to do some
setup and session stuff etc......How do I make sure the client browser sees
this etc......
Tony
Michael Paduch wrote:
> Hi Tony,
>
> Have the first request handled by your servlet. The servlet should post
the
> data to the original servlet. Make sure authentication was successful and
> then respond with redirect command. From then on the browser will be
> communicating directly with the original servlet, not the one that
provided
> log in capability.
>
> Regards,
> Michael
>
> ----- Original Message -----
> From: "Tony Dahbura" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, December 29, 2002 1:31 PM
> Subject: circumnavigating security in commercial application
>
> All:
> I have a web based application that uses a login page (html) via a
> servlet and it requires about 5-6 different values to be filled in on
> the page. What I would like to do is put my own servlet in front of it
> so that I can have a user login with with their userid/password and then
> to prefill the other values and pass it off to this servlet. This
> servlet wants a response in post format, but I do nto want to proxy
> everything (all future requests and interactions) between the
> application and my servlet.
>
> Does anyone have a some strategies for implementation of something like
> this. I need to support this for a single sign on architecture. Does
> this sound possible and can anyone shed some light on how to implement
> this (or even better some sample code). At first glance it sounds like
> a proxy servlet.....
>
> thanks,
> tony
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
