Kevin Duffey wrote:

> Hi Craig, list,
>
> >> Wondering if anyone else is noticing what I am. When I forward to a URL from
> >> the controller servlet, the web browser URL shows the information as if it
> >> were a GET method, but I am using POST.
> >>
> >> <form action="Enroll.do" method="post">
> >>
> >
> >I have not seen this behavior.
>
> Nope... you're right. What happens is the web URL line shows Enroll.do. Turns
> out that I originally didn't specify the POST method, and it automatically
> uses GET. When I changed it to POST, the url line only shows Enroll.do, and
> nothing else.
>

Isn't it amazing what a few little characters can do? :-)

>
> I do have another concern though. What happens if someone bookmarks the
> Enroll.do URL, and then goes back to it? Won't it try to enroll them by going
> to the servlet, but without any form data? What to do in this case?
>

Well, one thing you could do in the action procedure that Enroll.do executes is
make sure the request method was a POST.  That way, an attempt to do a GET (as a
result of returning from a bookmark) will fail.  If this is generally the case for
all action procedures (i.e. they MUST be processing a form), the simplest thing to
do is implement only doPost() in your controller servlet -- have doGet() return
some nice error message saying that you can't return to this page.

Another thing you'll probably want to do is have the controller servlet (or the
servlet container if you're using 2.2 security) check for a valid login when a
*.do URL is requested.  You'll probably want this anyway, to prevent malicious
attempts to bypass any security you've coded into the JSP pages themselves.

Craig
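
A sketch of the two checks suggested in the reply above, as an added example that is not code from the original thread: a controller servlet that rejects GET and checks for a login before running any *.do action. The session attribute name, the `Login.do` action, the `course` field and the JSP paths are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Mapped to *.do in web.xml (assumed mapping).
public class ControllerServlet extends HttpServlet {
    private static final String USER_KEY = "authenticatedUser"; // assumed name
    private static final String LOGIN_ACTION = "/Login.do";     // assumed name

    // A bookmarked *.do URL comes back as a GET with no form data: refuse it.
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setHeader("Allow", "POST");
        res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED,
                "This page can only be reached by submitting its form.");
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String action = req.getServletPath(); // "/Enroll.do" under a *.do mapping
        // Enforce the login in the controller, so skipping the JSPs does not skip it.
        if (!LOGIN_ACTION.equals(action) && !isLoggedIn(req)) {
            res.sendRedirect(req.getContextPath() + "/login.jsp"); // assumed page
            return;
        }
        if ("/Enroll.do".equals(action)) {
            enroll(req, res);
        } else {
            // The login action and any other actions are not shown here.
            res.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    private boolean isLoggedIn(HttpServletRequest req) {
        HttpSession session = req.getSession(false); // never create one just to check
        return session != null && session.getAttribute(USER_KEY) != null;
    }

    // Hypothetical action: a POST can still arrive with missing fields.
    private void enroll(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String course = req.getParameter("course"); // assumed form field
        if (course == null || course.trim().length() == 0) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing course.");
            return;
        }
        req.getRequestDispatcher("/enrolled.jsp").forward(req, res); // assumed view
    }
}
```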
