e., /secure/job-openings.html) without being authorized to do so. Because we are using the
RequestDispatcher.forward method, the originally requested URL is showing in the
browser's address bar.
Figure 5–11 If the SecurityHolePlugFilter is enabled, it converts the
RequestDispatcher.forward call into a direct client request. This invocation becomes
no different than trying to directly invoke http://localhost/filtersrus/secure/job-openings.html,
therefore the server asks for username and password to proceed.
Figure 5–12 Even though the originally requested URL was http://localhost/filtersrus/SecurityHole,
the filter forced the client to directly request the resource, thus changing the
requested URL to http://localhost/filtersrus/secure/job-openings.html. This screen is
shown if the user successfully logs in with a username belonging to the executive role.
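The behavior described in Figures 5–11 and 5–12 can be sketched as follows. This is an added example, not the book's SecurityHolePlugFilter listing; the class name ForwardToRedirectFilter and the filter mapping shown in its comment are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added illustration (hypothetical class, not the book's code).
 * Assumed web.xml mapping, Servlet 2.4 or later, so the filter runs
 * only on RequestDispatcher.forward calls into the protected area:
 *   <filter-mapping>
 *     <filter-name>ForwardToRedirectFilter</filter-name>
 *     <url-pattern>/secure/*</url-pattern>
 *     <dispatcher>FORWARD</dispatcher>
 *   </filter-mapping>
 */
public class ForwardToRedirectFilter implements Filter {
  public void init(FilterConfig config) throws ServletException {}

  public void doFilter(ServletRequest req, ServletResponse res,
                       FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    // During a forward, the request path elements describe the forward
    // target (e.g. /filtersrus/secure/job-openings.html), not the URL
    // the client originally typed.
    String target = request.getRequestURI();
    String query = request.getQueryString();
    if (query != null) {
      target += "?" + query;
    }

    // Deliberately skip chain.doFilter(): the forwarded resource is never
    // rendered here. The client is told to request it directly, so the
    // container evaluates the security-constraint for /secure/*.
    response.sendRedirect(response.encodeRedirectURL(target));
  }

  public void destroy() {}
}
```

Because the redirect produces a new GET request from the browser, request attributes set before the forward and any POST body do not reach the protected resource.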
5.14 The Complete Filter Deployment Descriptor
The previous sections showed various excerpts of the web.xml file for filtersRus.com.
Listing 5.28 shows the file in its entirety.
Listing 5.28 web.xml (Complete version for filter examples)
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=
"http://java.sun.com/xml/ns/j2ee
http://java.