0
votes

I have created a login page in HTML which submits a form to a servlet (LoginServlet).

On successful authentication, I have forwarded the request to a gwtPage.jsp which loads the nocache.js script.

Approach 1: Below is my LoginServlet code

    request.setAttribute("loginId",loginId);
    dispatcher = request.getRequestDispatcher("gwtPage.jsp");
    dispatcher.forward(request, response);

On my gwtPage I have included below script

    <script type="text/javascript" language="javascript" src="pc/pc.nocache.js?<%= new Date()%>"></script>

However, after successful authentication from LoginServlet, the app points to gwtPage.jsp but does not load the GWT module. It may be because after authentication the URL shows: http://127.0.0.1:8888/LoginServlet

Approach 2: I tried an alternative, using response.sendRedirect method.

LoginServlet code

    response.sendRedirect("gwtPage.jsp?gwt.codesvr=127.0.0.1:9997");

It points properly to http://127.0.0.1:8888/gwtPage.jsp?gwt.codesvr=127.0.0.1:9997. However, I am unable to send a hidden attribute (I do not want to pass it via a URL parameter).

Please provide some suggestions for either of my approaches. Any ideas are welcome.

1
Have you tried using your browser's dev tools to see what the outcomes are of network requests/responses when using Approach 1? - Boris Brudnoy
With Approach 1, it only loads up the gwtPage.jsp without the GWT module on the div. - iAmSavy

1 Answer

0
votes

There is no such thing as a "hidden attribute" - it can be easily extracted and faked. If you want to make it secure, you need to use a session. The workflow is very simple:

  1. Authenticate a user in your LoginServlet. Save an authentication token (like your loginId) to a session.

    HttpSession session = request.getSession(true);
    session.setAttribute("login", loginId);
    
  2. Redirect a user to the app page.

    response.sendRedirect("/gwtPage.jsp");
    
  3. In this JSP retrieve the authentication token from a session. If not present, redirect back to the login page. If present, proceed to load the app.

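    // getSession(false) returns null when no session exists; getSession(true)
    // would create one, so the null check could never fire.
    // Named userSession because a JSP already declares the implicit object "session".
    HttpSession userSession = request.getSession(false);
    if (userSession == null || userSession.getAttribute("login") == null) {
        response.sendRedirect("/Login.jsp");
        return; // stop rendering the protected page after the redirect
    }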
    

    Make sure sessions are enabled on your server.
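
The three steps above combined, as an added example that is not part of the original answer: a servlet filter performs the session check before gwtPage.jsp renders, and the login step discards any pre-login session before storing the login id. The class and method names are hypothetical, the `javax.servlet` API (Servlet 3.0 or later) is assumed, and the paths and the "login" attribute name are the ones used on this page.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: guards the GWT host page with a session check in a filter,
// so the check runs before the JSP renders. Class and method names are
// hypothetical; the URL pattern and "/Login.jsp" mirror the answer.
@WebFilter(urlPatterns = {"/gwtPage.jsp"})
public class LoginRequiredFilter implements Filter {

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) never creates a session, so null means "not logged in".
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("login") == null) {
            response.sendRedirect(request.getContextPath() + "/Login.jsp");
            return; // do not continue to the protected page
        }
        chain.doFilter(req, res);
    }

    // Called by the login servlet only after the credentials have been verified.
    static void startAuthenticatedSession(HttpServletRequest request,
                                          HttpServletResponse response,
                                          String loginId) throws IOException {
        // Drop any pre-login session so a session id issued before
        // authentication is not carried over (session fixation).
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession fresh = request.getSession(true);
        fresh.setAttribute("login", loginId);
        response.sendRedirect(request.getContextPath() + "/gwtPage.jsp");
    }
}
```

The same filter can be mapped to other URLs that must require a login by extending `urlPatterns`.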