Distribute jsp session web application

ocean2005 · Oct 15, 2005

Hi everybody,
I explain my problems:

Question 1:

I need to integrate 2 web applications which runs in 2 different
machine server (JBoss) in order to navigate them inside common session,
with some sessionID or something like that.

So, the scenario is:

webApp1 -----> WServer1(https)
webApp2 -----> WServer2(http)

When from webApp1 I call with link the webApp2, I need by some way to
tell webApp2 that only webApp1 is authorized to go on.
The problem is that when I switch from https to http, the "url-referer"
being lost and webApp2 can't recognize the caller!!!

Anybody has some suggestions on how to fix it?

Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???

Many many thanks in advance!!!

HalcyonWild · Oct 17, 2005

Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???

First of all, never, never, show the password on a URL string. Avoid
username too. Pass them along as session attributes. your second
question automatically gets taken care of.

Oliver Wong · Oct 17, 2005

HalcyonWild said:
First of all, never, never, show the password on a URL string. Avoid
username too. Pass them along as session attributes. your second
question automatically gets taken care of.

As a general rule of thumb, you should ask yourself "Should I allow my
users to share this link or otherwise bookmark it?" if so, then use GET
attributes as in the example above. Otherwise, use POST or a Session object
as Halcyon advises.

It may occasionally make sense to allow the username to appear in the
query string; e.g. http://mysite.com/profile.jsp?username=Oliver if you want
to let your users give their friends a direct link to their profile.

- Oliver

Thomas 'PointedEars' Lahn · Oct 18, 2005

[...]
Question 1:
[...]

Java != JavaScript

Question 2:
How can realize a jsp/servlet page in order to avoid malicius people to
save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
then use it in a new window browser to navigate on site without has
been authenticated???

Use POST requests instead of GET. This is off-topic all crossposted
groups but alt.websites as well.

Many many thanks in advance!!!

Your Exclamation Mark key is broken.

PointedEars, F'up2 to the only crossposted group I have subscribed

Architecture of an enterprise application, multiple projects +multiple customers	0	Feb 18, 2008
JSP security-session management	1	Sep 7, 2005
JSP Internationalization	5	Mar 7, 2007
Dealing with application names in a JEE web app	18	May 23, 2011
Need Help Using A Custom Session Manager	0	Apr 1, 2010
Authentication session with urllib2	1	Nov 11, 2009
.Net Web Application Developer-Albany, NY	0	Apr 7, 2011
Session Statr Error	2	Nov 27, 2008

Distribute jsp session web application

ocean2005

HalcyonWild

Oliver Wong

Thomas 'PointedEars' Lahn

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads