i should have to send the value like username from one application to other application which are running in same server.i am redirecting to other application using response.sendRedirect(url) if i am adding the username at the end of url it is revealing the username in the url and using request scope its not possible so how can i do that?
Ganesh Kumar CH
i m just redirecting to my application jsp page from other application jsp page using the following code
so its being displayed in URL along with value and there is no sharing database...
How can i implement this? My thought is that i will encrypt the username value in source end and decrypt in destination end so that it wont be revealed...
Do you suggest this?
Aim: How can i get the value from one webapplication to other webapplication either using objects like request,response,session and application or in different way?
yeah i am trying to implement sso for my application......
How about using something like Java CAS ?
Check this http://www.jguru.com/faq/view.jsp?EID=285822
Kumar Raja wrote:I did not mean to POST it through sendRedirect.. I meant that you can POST to servlet/jsp by other means. afterall its a HTTP request and you can use other means, for eg, HTTP Post. I had not tried this personally before, so would be glad to know the results if it works for you.
POST isn't any more secure than GET. You still end up sending the username over the network, and you're still vulnerable to someone altering the request to change the username to whatever they wish.
The only way I can see to do this securely is through some sort of shared persistence between the web application contexts. This could be a database, a datafile, Kerberos server, etc. The browser can't be the ONLY way your two web applications communicate, or it's only going to be as secure as that browser.
Note: The localhost-URL you posted, only works on your computer (hence the name "local").
It would be much easier though to just add all of your modules into one Web-Application or to use one of the countless Java Web Application Frameworks.