Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / March 2006

Tip: Looking for answers? Try searching our database.

JSP redirection

Thread view: 
Enable EMail AlertsStart New Thread
delphine.ziegler@gmail.com - 14 Mar 2006 11:06 GMT
Hello,

I have a JSP page a.jsp. My server web is Apache and I use Tomcat.
Apache has a known break : it doesn't stop cross-site scripting. So in
my JSP, I check the URL to see if the "<" character is not present. If
it is present, I want to redirect the user to an error page (which can
be in another server). If it is present, I continue to execute my page
a.jsp. I use response.sendRedirect() but it doesnt't worf. Has anybody
got an idea ?

Thanks

Delphine
Reply to this Message
anu - 14 Mar 2006 11:25 GMT
you can use RequestDispatcher rd=request.getRequestDispatcher("url")
method
followed by rd.forward(request,response)  also.i don't know whether it
works with two servers....i have used this only with a single
server.please try it
Reply to this Message
delphine.ziegler@gmail.com - 14 Mar 2006 11:31 GMT
Thanks...

I did what you said but I have the following error :

java.io.IOException: Stream closed
    org.apache.jasper.runtime.JspWriterImpl.ensureOpen(JspWriterImpl.java:202)
    org.apache.jasper.runtime.JspWriterImpl.clearBuffer(JspWriterImpl.java:157)
    org.apache.jsp.content.appli_005fsol_005fiplanet.production.login_jsp._jspService(login_jsp.java:120)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

Need to make a precision : my page a.jsp is included in another page
(login.jsp). Could it cause a problem ?
Reply to this Message
Andrea Desole - 14 Mar 2006 11:33 GMT
> Hello,
>
[quoted text clipped - 5 lines]
> a.jsp. I use response.sendRedirect() but it doesnt't worf. Has anybody
> got an idea ?

why doesn't it work? Do you have an error? An exception? What exactly
goes wrong?
Reply to this Message
delphine.ziegler@gmail.com - 14 Mar 2006 11:37 GMT
I don't have an error, I am not redirected, that's all...

When I called a.jsp my sendredirect works fine but when i called
login.jsp that includes a.jsp it doesn't work... Any idea ?

Delphine
Reply to this Message
Andrea Desole - 14 Mar 2006 12:04 GMT
> I don't have an error, I am not redirected, that's all...
>
> When I called a.jsp my sendredirect works fine but when i called
> login.jsp that includes a.jsp it doesn't work... Any idea ?

Apparently redirect doesn't work with includes. Check the documentation
of RequestDispatcher.include(). You can't change the response code or
the headers
Reply to this Message
Andrea Desole - 14 Mar 2006 12:08 GMT
> Apparently redirect doesn't work with includes. Check the documentation
> of RequestDispatcher.include(). You can't change the response code or
> the headers

sorry, of course I missed to say that this is for dynamic includes. I
assume this is what you are using
Reply to this Message
delphine.ziegler@gmail.com - 14 Mar 2006 12:11 GMT
No, the include in login.jsp is done like this :

<jsp:include page="a.jsp" />
Reply to this Message
Andrea Desole - 14 Mar 2006 12:45 GMT
> No, the include in login.jsp is done like this :
>
> <jsp:include page="a.jsp" />

exactly.
Try <%@include file="a.jsp"%>
Reply to this Message
delphine.ziegler@gmail.com - 14 Mar 2006 13:37 GMT
Thanks with <%@include %> it works fine. But is there another solution
? I have several login.jsp that include my page a.jsp... could you
confirm me that with <jsp:include /> it doesn't work ?

Thanks a lot...
Reply to this Message
Andrea Desole - 14 Mar 2006 14:44 GMT
> Thanks with <%@include %> it works fine. But is there another solution
> ? I have several login.jsp that include my page a.jsp... could you
> confirm me that with <jsp:include /> it doesn't work ?

Yes, it doesn't work. As I said, check the documentation; it's
definitely more reliable than me

Another solution might be to forward, but:
1) I see you tried, with no success. The exception you get is fairly
strange, by the way, and it might be related to your code.
2) even if you solve the problem, I don't think you can forward to pages
outside of your context, so forwarding to another server is probably
unfeasible

I don't think there is another solution. Not without changing your login
pages
Reply to this Message
Alex Hunsley - 14 Mar 2006 11:38 GMT
> Hello,
>
[quoted text clipped - 5 lines]
> a.jsp. I use response.sendRedirect() but it doesnt't worf. Has anybody
> got an idea ?

What exactly do you mean by "doesn't work"? What happens?
Stating versions of apache and tomcat wouldn't hurt either.
Reply to this Message
delphine.ziegler@gmail.com - 14 Mar 2006 11:39 GMT
it executes the rest of my code so login.jsp is displayed.

Apache : 2.0.47
Tomcat : 5.0.28
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.