Lets say i have a jsp page which invokes a servlet. Now I want the servlet to forward this request to someother secured jsp page which i have configured to be secured in my web.xml.
The problem is the jsp pages opens as secured if I open it directly from the address bar of my browser. But it doesnt open securely if the servlet forwards to that jsp page. Why is that?
AFAICT, the container has no way of knowing that it has to switch to HTTPS given that the forwarding happens within the code executing on the server. A resource is just a resource and by itself, it has no way of knowing whether it has to be served over a normal channel or a secure channel. Also, I think the configuration placed in the web.xml which relates to external requests made by the client and not internal forwards done.
Instead of doing a forward, try redirecting to that resource. It if still doesn't work, post your web.xml configuration along with the relevant piece of code you are using.
Thanks for the reply. I know I can do redirection instead of forward. I had tested it before and it works.
But i had to set some request attributes in the servlet and use it in the secured JSP.
Now i will have to set attributes in session instead. I was vary of setting to much session attributes, that's why I was thinking of a workaround.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.