[WEB SECURITY] Run JSP file from Servlet

Felix Shnir felix.shnir at gmail.com
Tue Jun 13 10:38:53 EDT 2006


Well, there are 2 ways.  First of all, you can clone the request and
response - but i dont think u can send 2 responses back, that would defeat
purpose of http protocol =/

What it seems to me, you might wonna do is despatch back to the servlet from
your JSP.  The process is done the same way you do it in the servlet.
Another alternative is to use an intercepting filter -> HttpFilter, please
read up on it to find out how to implement one.  But generally, it will
intercept your request on the way up, and reponse on the way down to the
client...

Hope this helps.

Felix Shnir.


On 6/13/06, shadi Aljawarneh <shadi.aljawarneh at durham.ac.uk> wrote:
>
> Hi All,
> Please I need some help in this problem if you don't mind :
> Problem is: I need to run this JSP serverside in the same session
> context that the client is using for his browsing session. The JSP
> should be handled by the same Tomcat process that handles the clients
> complete session.
>
> Therefor the
>
>
> HttpServletRequest.getRequestDispatcher( "jsp_file.jsp" ).include(
> HttpServletRequest, HttpServletResponse )
>
> or
>
> HttpServletRequest.getRequestDispatcher( "jsp_file.jsp" ).forward(
> HttpServletRequest, HttpServletResponse )
>
>
> popped into my mind. Problem is: This Dispatcher needs another
> HttpServletResponse
> object, because the result of this should not be sent to the clients
> browser. I want to get the response stream as String to use it as SQL
> statement.
>
>
> Cloning is not possible and a wrapper doesn't work, because the interfaced
> methods (when overwritten) cannot prevent the submit of the rendered
> stream
> to the client browser inside the include()-method.
>
>
> Has anyone an idea how to get a HttpServletResponse object that isn't
> connected to the clients browser but just can provide a rendered code as
> String for further serverside handling?
>
> Or
>
> How can i return a string after calling forward or include method for
> further processing in the server-side?
>
>
> Looking forward to your suggestions!
> Regards
>
>
> ----------------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060613/21a9595b/attachment.html>


More information about the websecurity mailing list