-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stig,
Stig Kleppe-Jørgensen wrote:
> I stand in this url:
>
> http://<host>/<servletpath>/ication/test/fr/ca
>
> and want to go to this url:
>
> http://<host>/<servletpath>/ibs/name/test.jar
Why not just use absolute URLs?
httpResponse.sendRedirect(response.encodeRedirectURL("/ibs/name/test.jar"));
> When calling
>
> httpresponse.sendRedirect("../../../../ibs/name/test.jar")
That's too many ".." by the way, unless your original URL up at the top
of the message was a path without a resource (i.e. it should have been
.../ca/something).
Taking /<servletpath>/ication/test/fr/ca and applying 4 ".." to it gives
you:
/
:(
> Tomcat generates this url:
>
> http://<host>/<servletpath>/ication/test/fr/ca/../../../../ibs/name/test.jar
And what does your client (browser) do with this URL?
> The same worked in Jetty.
I'll bet this works in Jetty because Jetty actually does the
normalization, and won't let you redirect a relative path outside of the
current webapp. Try putting "../../../../../../../../../../../../.."
into Jetty and see if it still works.
With Tomcat, the client (browser) is left to interpret the URL and
normalize the path. I'm assuming it does it correctly and sends the user
to http://<host>/ibs/name/test.jar which, I would imagine, does not exist.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkkJLQACgkQ9CaO5/Lv0PBl0QCfSbnPbcSHGJbsk9TjItURlo5B
/UUAnRGbafBUFrSChPfcByG1TB8Ux+2I
=IVdu
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
