RE: Howto: call a Servlet from another Servlet (Example)?!

Mon, 20 Sep 2010 15:03:17 -0700 



> -----Original Message-----
> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Sent: Monday, September 20, 2010 10:56 AM
> To: 'Tomcat Users List'
> Subject: RE: Howto: call a Servlet from another Servlet (Example)?!
> 
> 
> 
> >-----Original Message-----
> >From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> >Subject: Re: Howto: call a Servlet from another Servlet (Example)?!
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Ronald,
> >
> >On 9/20/2010 11:07 AM, Ronald Klop wrote:
> >> You can use the RequestDispatcher.
> >>
> >> RequestDispatcher dispatcher =
> >request.getRequestDispatcher("/userlist");
> >> dispatcher.forward(request, response);
> >
> >Of course, you can also issue a redirect to the client:
> >
> >response.sendRedirect(...)
> >

Please make sure that any examples of respond.sendRedirect() or 
RequestDispatcher.forward() are IMMEDIATELY followed by a return statement 
because neither of those statements terminates the calling servlet's 
processing. IOW, processing chugs right along. This can cause very strange 
problems. It can also expose potential security problems because often you're 
redirecting to a login page. If you don't terminate processing, the code 
further along can assume the user is authenticated.

> >The advantage of issuing a redirect is that the client will not have
> to
> >re-authenticate if the user then RELOADs the resulting page.
> >
> >- -chris
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.4.10 (MingW32)
> >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> >iEYEARECAAYFAkyXf3gACgkQ9CaO5/Lv0PDRmQCfSKPGx2EbXA8dA0WlcbNee8M9
> >/YYAoJ6iHtoM5pYzteMy3DMHzH07OCno
> >=bBF7
> >-----END PGP SIGNATURE-----
> 
> I thought that if you were making a request to a UserListServlet and it
> was restricted to authentication, assuming you use Form Authentication
> and structure your login form correctly, you don't have to worry about
> calling LoginServlet or using the requestDispatcher?  Doesn't Tomcat
> handle this for you?  What am I missing here?
> 
> In the OP question, to what does the LoginServlet authenticate you?
> The LoginServlet?

George Sexton
MH Software, Inc.
303 438-9585
www.mhsoftware.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to