-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lyallex,
On 11/2/12 9:43 AM, Lyallex wrote: > When I have validated the data I want to forward to a protected > resource like this > > forwardTarget = "/account/accountView.jsp"; > > RequestDispatcher rd = > getServletContext().getRequestDispatcher(forwardTarget); > rd.forward(request, response); > > What I was hoping would happen is that the user would be required > to login but we get to the protected resource without the login > screen appearing. I realise that I am forwarding an existing > (unauthenticated) request > > I could simply redirect to an 'account created log in now page' but > that's a bit naff. The problem is that you are doing a forward and not a redirect. > Is it possible to redirect to a protected resource from an > unprotected one ? Yes, but you have to actually do a redirect. Using "forward" allows you to bypass security constraints. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCT8yIACgkQ9CaO5/Lv0PD34gCgssVhb7VtGtS+GFaDQ/lYkO/6 hsUAoL43K5N4d87hx4zZG/twED9hJhaC =HWNf -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
