Servlet: sendRedirect () does not work when queried from the browser bar

-1

I have a Servlet that responds with a sendRedirect() when there is a GET query by the browser. In case there is one, the user is redirected to a second Form. The problem is with the security of the application. If I enter the address of the second Form (localhost:8080/aplicacion/secondForm.html) in the browser bar, it manages to avoid fulfilling the condition.

Thank you very much.

This is the Servlet code:

// Imports needed by the enclosing servlet class for this method.
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    PrintWriter out = response.getWriter();
    // First line of the request body; a GET normally has no body, so this is usually null.
    String      texto = request.getReader().readLine();

    // Compare strings with equals(), not ==: == compares object references,
    // so it can be false even when the method really is "GET".
    if ("GET".equals(request.getMethod())) {
        response.sendRedirect("secondForm.html");
    } else {
        out.print("Formulario Incompleto");
    }
}
    
asked by TOMAS 23.06.2018 в 21:53

1 answer

0

If I enter in the browser bar the address of the second Form (localhost:8080/aplicacion/secondForm.html) it manages to avoid complying with the condition.

Indeed.

The only thing sendRedirect does is tell the browser "the data you asked me for in /firstForm.html you have to get by making a new request to /secondForm.html". The browser makes the new request automatically and the web server responds.

But it is simply an HTTP GET /secondForm.html request, which for the server is the same whether it comes from a redirect or not.

Imagine that there are phone calls instead of requests. You call 111111 and if you have the password, they tell you that what you are looking for will be given to you by telephone 222222. But a call to the telephone 222222 works even if you have not called before 111111.

There are several ways to do this (well, there are more but to begin with look at these):

  • JAAS, the Java API for application server security. The configuration will depend on the web server you use (no, NetBeans is not a web server).

  • In your servlet you define some information to detect that the user has passed authentication (for example, an attribute in the session or a temporary token in the URL to which you redirect) and define an HttpFilter that protects the private resource and verifies this information.

answered by 24.06.2018 в 00:02
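The second option in the answer (mark the session once the first form has been validated, and put a filter in front of the private resource) as an added example. This is not code from the question or the answer; the servlet path /firstForm, the form field "nombre", and the session attribute name formOneCompleted are assumptions chosen for the example, and it assumes a Servlet 3.1 or later container (for request.changeSessionId()). In a real project each public class goes in its own file.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Handler for the first form. The browser is only redirected to the second form
// after the POSTed data has been validated AND the session has been marked.
@WebServlet("/firstForm")
public class FirstFormServlet extends HttpServlet {
    // Hypothetical attribute name; the filter below looks for it.
    static final String AUTH_ATTR = "formOneCompleted";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String nombre = request.getParameter("nombre"); // hypothetical form field
        if (nombre == null || nombre.trim().isEmpty()) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            response.getWriter().print("Formulario Incompleto");
            return;
        }
        // Rotate the session id before granting the privilege (session fixation hygiene).
        request.changeSessionId();
        request.getSession(true).setAttribute(AUTH_ATTR, Boolean.TRUE);
        response.sendRedirect(request.getContextPath() + "/secondForm.html");
    }
}

// Protects the private resource. The mapping also covers a static secondForm.html
// served by the container's default servlet, so typing the URL directly is not enough.
@WebFilter("/secondForm.html")
public class SecondFormFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session just to check it.
        HttpSession session = request.getSession(false);
        boolean allowed = session != null
                && Boolean.TRUE.equals(session.getAttribute(FirstFormServlet.AUTH_ATTR));

        if (!allowed) {
            // Not marked: send the user back to the first form instead of serving the page.
            response.sendRedirect(request.getContextPath() + "/firstForm.html");
            return;
        }
        chain.doFilter(req, res); // marked: let the request reach secondForm.html
    }

    @Override
    public void destroy() { }
}
```

The check lives in the filter, not in the redirecting servlet, because the server sees a plain GET /secondForm.html either way, exactly as the answer explains; the only thing that distinguishes a legitimate visit is state the server itself created (here, the session attribute). If the second form should be reachable only once, the filter can remove the attribute after calling chain.doFilter().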