Fw: Re: intercepting & restoring requests

Lance Lavandowska Thu, 16 Sep 1999 18:53:25 -0700
Its been months since I wrote that code, and I don't honestly recall it in any detail.
My prior response indicated only that I'd worked it out for GETs, not for POSTS, that
one would have to save the POST parameters as well (in the Session, most likely) and 
fetch
them out upon reaching the target page.

Since I don't expect anyone to post from outside my server, I didn't foresee this 
problem.
Once they've hit the site to reach the form, they've validated prior to loading the 
form that
is to be submitted (is this clear? its been a long day).  As the name of the file 
implies (adminLogin) we've only implemented security on choice portions of the site.

But, to answer the question, add to the checkUserPermission method, after the 
QueryString check:

Enumeration paramEnum = request.getParameterNames();
while (paramEnum.hasMoreElements())
{
    String paramName = (String) paramEnum.nextElement();
    String[] paramValues = request.getParameterValues(paramName());
    Session.putValue(paramName, paramValues);
}

Then your servlet/jsp that handles the form submission will have to fetch the
values from the Session if there are no Parameters in the request (to handle the
passing back-and-forth of control).

Its probably easier just verify the user prior to them filling out any forms.

Lance

-----Original Message-----
From: Todd Smith <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, September 16, 1999 4:13 PM
Subject: Re: intercepting & restoring requests


>Thanks Lance.
>
>I think the key part of your code is "request.getQueryString()"
>
>I can see how this would satisfy the problem of a GET but would it do
>any good for a query via POST?
>
>Todd
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
Fw: Re: intercepting & restoring requests

Reply via email to
