On Sun, 22 Apr 2001, Tushar Kale wrote:
> Hello:
> I have following servlet mapping defined in the web.xml file:
>
> <servlet-mapping>
> <servlet-name>secureAction</servlet-name>
> <url-pattern>/secure/*</url-pattern>
> </servlet-mapping>
>
> The objective is to activate the secureAction servlet when any file in
> secure directory is accessed. The secureAction servlet performs common
> processing and then supposed to forward the request the resource.
>
> The problem is, when secureAction servlet uses forward( ) or
> sendRedirect( ) method to the desired resource, the message activates
> the secureAction servlet again since the forwarded message has /secure
> in its URL thus causing an infinite loop.
>
> Shouldn't the forward call bypass the servlet mapping policy?
You are correct that security policy should not be applied on request
dispatcher accesses. However, you haven't told us what version you are
running.
>
> ~ Tushar Kale
>
Craig
