> Garey - Yes we all agree that redirect will not do a POST.  The various
> suggestions that have been made all work, including using a programmatic
> post with Jakarta HttpClient.  One thing to be aware of is that POST is
> NOT a security mechanism. Even though the parameters do not show on the
> URL as with a GET, it is still fairly easy to see these values with a
> POST for someone who goes to a little trouble.  So if you have a security
> reason for this question your premise was not correct. Still, the
> HttpClient or HttpURLConnection approaches seem like they will do what
> you are trying to do.

Good answer! It addresses most of the concerns I've had while following this
thread.
Here are some more thoughts of mine:

I assume the OP has no control over the university service, otherwise he
could use some cryptographic method, like a shared secret, to issue a ticket
in his servlet and pass it to the client.

Another thing the OP didn't make clear was how the university service handles
sessions. If it is protected against session hijacking (for example if it
relies on the web server's session management) and compares the IP of the
requesting end between calls in a session, there could be a problem. It will
find that the IP of the first request (the login) is different from that of
the subsequent requests. However, if the university service is not protected
against session hijacking it will probably work. Though, it puts you in a
moral dilemma of whether or not to contact them about it or have your own
service work. :)

> BTW - I'm tempted to wonder - if anyone can use your system to login to the 
> other system you might as well make a guest password public anyway!

Another of my concerns. :)

...johahn
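
The shared-secret ticket idea mentioned in the reply above, as an added example that is not part of the original post or of any code from the thread: the servlet issues an HMAC-signed, expiring ticket and the remote service verifies it. The class name, ticket layout (`user|expiry|mac`) and demo key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class TicketDemo {
    // Constructed demo key (assumption); a real key is random and loaded from protected storage.
    static final byte[] SHARED_SECRET = "constructed-demo-secret-only".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SHARED_SECRET, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Issuing side (the servlet): ticket = user|expiry|base64url(HMAC(user|expiry)).
    static String issue(String user, long expiresAtEpochSec) throws Exception {
        if (user.indexOf('|') >= 0) throw new IllegalArgumentException("user must not contain '|'");
        String payload = user + "|" + expiresAtEpochSec;
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(payload));
    }

    // Verifying side (the remote service): recompute the MAC, compare in constant time, check expiry.
    static boolean verify(String ticket, long nowEpochSec) throws Exception {
        String[] parts = ticket.split("\\|", -1);
        if (parts.length != 3) return false;
        byte[] presented;
        long expiry;
        try {
            presented = Base64.getUrlDecoder().decode(parts[2]);
            expiry = Long.parseLong(parts[1]);
        } catch (IllegalArgumentException e) { // also covers NumberFormatException
            return false;
        }
        byte[] expected = hmac(parts[0] + "|" + parts[1]);
        return MessageDigest.isEqual(expected, presented) && nowEpochSec < expiry;
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String ticket = issue("guest", now + 60);
        String tampered = "admin" + ticket.substring("guest".length());
        System.out.println("valid ticket accepted:   " + verify(ticket, now));
        System.out.println("tampered user accepted:  " + verify(tampered, now));
        System.out.println("expired ticket accepted: " + verify(ticket, now + 120));
    }
}
```

The ticket is only authenticated, not encrypted, so it should travel over TLS, and the expiry window limits how long a captured ticket can be replayed.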
