Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > security-constraint on servlet-mapping

Thread Tools

security-constraint on servlet-mapping

Posts: n/a

i wanted to prevent users from calling my servlets directly and wrote
a controller servlet which takes a request parameter and redirects to
the other servlets by means of a RequestDispatcher
I put the servlet mappings for the servlets inside a <security-
constraint> block .


and the controller servlet is invoked by any url

In the Controller i used

RequestDispatcher dispatcher = null;
String param = request.getParameter("go");
if (param == null)
throw new ServletException("Missing parameter in Controller.");
else if (param.equals("weather"))
dispatcher = request.getRequestDispatcher("/weather");
else if (param.equals("maps"))
dispatcher = request.getRequestDispatcher("/maps");
if (dispatcher != null)

When i call http://localhost:8080/myapp/?go=weather it causes

The program works if i don't use the
<security-constraint> </security-constraint> block around the mapping
for the two servlets.But then anyone can call them by
http://localhost:8080/myapp/weather or http://localhost:8080/myapp/maps
can someone explain why i am getting this error?
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off