-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Léa,
On 11/2/14 10:07 AM, Léa Massiot wrote: > Hello Mark, Chris and Terence. Thank you for your answers. After > reading them and observing a few things I realized that my problem > is not exactly the one I described at first. > > > Christopher Schultz-2 wrote >> The Referer is going to be the URL that was showing in the web >> browser when the user clicked on the Submit button. > > This is right. I hadn't noticed it but the URL which is showing is > NOT https://host/webapp/example1.jsp. Instead, it is > https://host/webapp/do_example. So, what I was describing as > abnormal in my first post is actually normal. Exactly. > So the problem is coming from elsewhere... > > Before I tried to make the webapp work with HTTPS, I was always > using calls like these: > ---------------------------------------------------------------------- > > response.sendRedirect("example1.jsp"); When sending redirects, you probably always want to: 1. Run the URL through response.encodeRedirectURL 2. Use a URL that starts with "/", which is easiest by doing this: String url = response.encodeRedirectURL(request.getContextPath() + "/example1.jsp")); response.sendRedirect(url); > ---------------------------------------------------------------------- > > Last week, I replaced all these calls with these new ones: > ---------------------------------------------------------------------- > > requestDispatcher = > getServletContext().getRequestDispatcher("/example1.jsp"); > requestDispatcher.forward(request, response); > ---------------------------------------------------------------------- > > (with the appropriate JSP of course). > > I made that change because "sendRedirect()" didn't "work" with > HTTPS. Redirects definitely work with HTTPS. You must be doing something wrong. Perhaps a configuration mistake with a port number or something like that. > I didn't mention this before because I thought it was solving this > other problem. Instead, it provokes new ones. Yup. > What I actually would like is the webapp to behave like before: > showing JSP page names in the URLs bar instead of "URL patterns": > in a given servlet, I generally have several "forward()" calls and > hence several different ".jsp" pages to forward to depending on > what happens inside the servlet. Having all of them replaced by > something like "do_example" is kind of not what I had planned. It's > definitely very problematic. So use redirects. They should work and you should figure out why they aren't working. Put your code back the way you had it, take more data, and post a new question if you need help. > So, hum, as I didn't asked it at the time: why can't I go on using > "sendRedirect()" along with HTTPS? If I have to use "forward()", is > there any way I could make it behave the way I described above? When you use a "forward", you will always end up with the URL the client first used as what the client "sees". If you want to accept data (e.g. POST) *and* prepare some data for the next screen to be seen, consider a POST-then-redirect scheme: 1. Client POSTs to some URL e.g. /do_example 2. /do_example servlet runs and handles the POST data, then redirect()s to /prepare_view 3. /prepare_view servlet runs and gathers whatever data is appropriate for the next display screen and forward()s to /example1.jsp After all that, the user is looking at the URL /prepare_view instead of /do_example. That way, your referrer for the next POST will be /prepare_view instead of /do_example. > Is there another method I could use that would suit my needs? Your only tools to transfer control (other than direct function calls) are forward, redirect, and include. > P.S. For the problem I was posting at first, as I don't really need > to rely on the "referer" request header, I can instead, set a > session attribute in each JSP. In "example1.jsp" for instance: > -------------------------------------------------------------------- > > <c:set var="sessAtt" > value="example1.jsp" scope="session"></c:set> > -------------------------------------------------------------------- > > When in the "doPost()" method of the servlet, I'll know which JSP form what > submitted... What if the user hits the BACK button and looks at a previous page, then re-submits that old page? Your server thinks that the source page was "example1.jsp" but the client actually posted example0.jsp or something else... Web application workflow management is non-trivial. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUV6CAAAoJEBzwKT+lPKRY9zcQAIpXKkNLAq/TVtm9EiRkDHQs boOAcbNluN0D9wK+V94aQTRF1iSFblpaNv6Tr/mmE3hM5c2tuUAxlq3tNAKz9zyn ltzS8w87Zu7zad4i/kZZXKo3IpmpWz8NkWORlHwF4yQQUC/IhtYBxB7nq+7nVfDG aSdKa77rBE6DHklBYutvjdDc2HeYx2B4IgzbYuPGBPEqMKASfhIoxRp51B/lwjEF Zs4TTuiL4SziP/luFBV/GK5kFiPMsEyZhr3YmOi23z44doIgvet89nwOr6im8OEf eFMIyBhos55A3Yc6NEREhyJSBbHbBHIV0cmXxS0qWrsMcj6BEn/Dl6tTyTKyWt1M 26mazb3SNQtj5kIk3PNndkRoW9jIhiJkgsBZM7CuOrTP/cUMysExGNmEWchccqJ+ jd3u0YW7H/B1fCANSThyLcPCzw4jSscwSE0plT0M/ZUAUF17adhizRsUuKXo7xyL wPb0y+yqmWdtWLycNYv0VG2dp0YeBKuUZUocvBS5qQwLnUf22OsBJeK8AJKKnJ/2 sAYtN2QXiWEOfbheRuNOoDr9A6g1cCwkGKwiPUcJVWiOBLSeC8z9s5CAuRMIt++p eg9d1IdaV0+IZoDJ4souYacqb8ALYl11f+FVavNkKjUDEw5yYpmJIFheCgwO5RHn +4z7UNw4OsS3Jrp1hAoG =JTv+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
