i donno what excetly you want to do.. but one way to call a servlet of different web application is giving the absolute web address in the sendRedirect like below..
this will force the browser to call the servlet.. but if you mean that u want to share a piece of data among two web-applications in same server then i think that's not possible
hope this helps you..
This method allows servlets to gain access to the context for various parts of the server, and as needed obtain RequestDispatcher objects from the context. The given path must be begin with "/", is interpreted relative to the server's document root and is matched against the context roots of other web applications hosted on this container.
In a security conscious environment, the servlet container may return null for a given URL.
In Tomcat you can use some configuration file to allow the communication if the container does not allow it.
When we tried to achieve this once to allow us to .include a jsp from another context, they occured in difference threads and we couldn't control where the jsp was included. In practice I'm not sure it's a very good idea.
Originally posted by Pradeep Bhat:
What are the security concerns? I am not able to think about any.
Pradeep, I think David means that since they are not transparent to each other, we have to deal with security concerns... But I hope the server has ability to deal with it easily...
Since both the applications are running in the same container I was just wondering what security issues could come up?
Just because two Web applications run on the same sever (same container) does not mean that they are developed by the same people and want to share data arbitrarily. For example, I teach a JSP/servlet class in the Johns Hopkins University part-time graduate program in Computer Science. We use Tomcat, and each student has their own Web app (mapped to http://hostname/~userID/, in fact). One student shouldn't be able to change/delete entries in another student's ServletContext, so we have this disabled.
Whether myServletContext.getContext(contextPath) returns null or not depends on the container settings -- in Tomcat you get null unless server.xml specifies crossContext="true" for the app or for DefaultContext.
Originally posted by Marty Hall:
For example, I teach a JSP/servlet class in the Johns Hopkins University part-time graduate program in Computer Science. We use Tomcat, and each student has their own Web app (mapped to http://hostname/~userID/, in fact). One student shouldn't be able to change/delete entries in another student's ServletContext, so we have this disabled.
I think that is a very good example about the security issue among different web apps... Since you are an experienced instructor, it's a piece of cake for you to provide such example for someone else...