Header values when using HttpServletResponse.sendRedirect()

[Joe Tseng <jt...@secure-innovations.net>]

All,

I inherited a codebase that calls HttpServletResponse.sendRedirect() to
another page after a user is successfully logged in. I want to be able to
insert a header value before that redirection is executed. I tried to
simply add a HttpServletResponse.addHeader()/.setHeader() to the response
object before the redirect is called, but it seems a new response object is
used and sent to the browser. Is that assessment correct? Is there any way
for me to modify the redirect before it's sent or do I have to use
.forward()?

thx,

 - Joe

Re: Header values when using HttpServletResponse.sendRedirect()

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Joe,

On 9/8/16 3:40 PM, Joe Tseng wrote:
> I inherited a clusterf*** of a mess disguised as a 
> JSP/servlet-based MVC-ish app without the benefit of using Spring 
> or Struts or any sort of framework. No web services, but lots of 
> $.ajax() POST calls to servlet methods. I need to get this 
> stabilized before I can redo everything using REST/Angular.

Just make sure you know what you're doing before you throw away all
that work. Just because it doesn't use your favorite trendy technology
doesn't mean it's garbage.

A mistake like thinking that response headers survive a redirect is a
pretty big one, and it can't be fixed by becoming buzzword-friendly.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX1cdVAAoJEBzwKT+lPKRYSVQQAKURXq9q3Hnm58wJrTh1LulQ
O18DlExckonY4VpHQku1Bao4QwnJXbGu8dBleWirQyXdhT9MpWJF/7HTx+jNrAOB
Y+MKqzVPyOpmPtvzvoY8Nw0v/2LPSG47BYWDtdefFmPBBfNigC1FbyMDHCWRskOH
R6EdMjJMEkP2bmel4UaQzAiwTjtZIk7kcFYeH6OWpdw7xMcmA4jGJTfLjTixmbEi
0+TGp0FnqUJBoWTeysldBkoOwmi8e0G5reAWVgDX+3hykcTF5ROxTa2MDzDuuudi
C7BJVYYb+9h8IP17TQSMq9QL6tfMDTA5PTnlXAX63ohdTYvON1Ha3zt2VUkjhN3S
LGrl7sp1m4BTaEs3pXjcoEQVcttbiYqFCgyKrEAx3lJYbS0y6Wi+EFxHdDXQr0c/
3cnVdxOP7PLjCNm3Ye1bJkk2v0Gd6eqcDPh7He9i3OxjfL71xAM8l6pMUbR4sh4k
wTbJf9NhbavjZ0Rw8Qb0nX/R1PuYgD4MIxtLyPlaD39TZiBZbsaayKSue61edUEB
9v92P1tQwR7NO6V0JuQDBHOv3aQcqzP3qorqm1LUr7FC5Yue30m2msO2iUkb8H1Z
EI8E6okFkq1k+gtur7Tez7TpGrHEeEYaab2QauJvF64iUSXEb1rhOl1LDWe9glyw
lxD+mkjEsfOMss6WVQVl
=iRnq
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Header values when using HttpServletResponse.sendRedirect()

[Joe Tseng <jt...@secure-innovations.net>]

I inherited a clusterf*** of a mess disguised as a JSP/servlet-based
MVC-ish app without the benefit of using Spring or Struts or any sort of
framework. No web services, but lots of $.ajax() POST calls to servlet
methods. I need to get this stabilized before I can redo everything using
REST/Angular.

On Thu, Sep 8, 2016 at 3:27 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

>
> For MVC, you'd have to know how the requests are being sent and
> responses are being processed. You probably have to "listen" for the
> response and grab the response headers from there.
>
> I'm interested... what kind of work are you doing, here? Do you have a
> fat client with a web-services back end or something?
>
>

Re: Header values when using HttpServletResponse.sendRedirect()

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Joe,

On 9/8/16 1:38 PM, Joe Tseng wrote:
> FYI I'm using Tomcat v7.x.
> 
> I guess I misunderstood what happens when I use sendRedirect() - it
> sends a new request, not a new response - but the effect is the
> same. That was what I came away with when I read this:
> 
> http://javarevisited.blogspot.com/2011/09/sendredirect-forward-jsp-ser
vlet.html

Oh,
> 
right: that's a misunderstanding about HTTP itself. The
sendRedirect method returns a response to the client and then hangs up
the phone. The client is expected to make a follow-up request in
whatever way it chooses. There are certain response codes that
indicate certain things should be done, but the client is free to do
whatever it wants.

> In any case, I gave up on using the header to pass additional items
> from the server to the browser and ended up just using cookies.

Technically, cookies are just headers :) But they are documented to be
sent BACK to the server once they've been set.

> Unless someone shows me otherwise, everything I saw online showed 
> how to use jQuery/xhr/your JS tool of the month to get header
> values from a GET/POST response; meanwhile I never figured out how
> to extract those values after a document was rendered in a
> traditional MVC app.

For MVC, you'd have to know how the requests are being sent and
responses are being processed. You probably have to "listen" for the
response and grab the response headers from there.

I'm interested... what kind of work are you doing, here? Do you have a
fat client with a web-services back end or something?

- -chris

> On Thu, Sep 8, 2016 at 11:22 AM Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Joe,
> 
> On 9/6/16 3:36 PM, Joe Tseng wrote:
>>>> I inherited a codebase that calls 
>>>> HttpServletResponse.sendRedirect() to another page after a
>>>> user is successfully logged in. I want to be able to insert a
>>>> header value before that redirection is executed. I tried to
>>>> simply add a HttpServletResponse.addHeader()/.setHeader() to
>>>> the response object before the redirect is called, but it
>>>> seems a new response object is used and sent to the browser.
>>>> Is that assessment correct? Is there any way for me to modify
>>>> the redirect before it's sent or do I have to use
>>>> .forward()?
> 
> Tomcat version?
> 
> This should work. Calling response.setHeader or response.addHeader
> and then response.sendRedirect() should include your custom
> headers. What makes you think that "a new response object is
> used"?
> 
> -chris
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0bt8AAoJEBzwKT+lPKRYTMUQAI45TDfn358qRBl3zmLFEpkD
2WcGkqhDvtAAkOeXKqrOpbJW4D22uZEkQo1YdEhAMMosZOIltcp/gLR7e7hSXv9h
nxj+wQ93PzSVt/MOKTTfppGFy1r8dlRFzA/vWpSLy/k8Ab4b3ILyvrJlD+YSUpow
2e1Zsc2+naTmgrPpS3Js89HYWBq5nvcOKHLUMK8wD5F8YohkLWiymBQjwaHXYsEo
eC5WZPbV7bj8FDhKQXXe7HMvgXxN67sSZC/3YJ45EBVz5GprvChZeVOtmE5a5v7h
0L2w0hSzy/0JyQApjnLGxoss9soX2vBM8FnRoCglpYwQF0xTqJ/AYoRicvBwbqdx
jW/g7K/JZeftCNsKwqGhVCwjYZstAnMClP1lv259Tne2iSQizHdwQf/WkE4AaoAg
qF07nMdBulK9pn7KEC0G4ZD/D1PfFK0cUjA6SeG/+KgjfAB9HQfydpMjBASdTlKo
HA9KvebTq/BvFthjgXF4C2NIvKNJpGWzIEnnp2+kLWiEmxshCooZcGJVs0GRiS7c
M+AR1hVjx8Bpa907CgMrbUmjPgJkP9jqG7OJSIy6mJhYNraoGk8c4wp6h6M8Hw+y
7QBmECh4fMsXLUswpBjeKSsRndafTu8vcfBjt+6s3jcrOoVyKzHTXF+KrJuIKEk+
AmfCXWFBSB3GcuNbPpyy
=20YS
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Header values when using HttpServletResponse.sendRedirect()

[Joe Tseng <jt...@secure-innovations.net>]

FYI I'm using Tomcat v7.x.

I guess I misunderstood what happens when I use sendRedirect() - it sends a
new request, not a new response - but the effect is the same. That was what
I came away with when I read this:

http://javarevisited.blogspot.com/2011/09/sendredirect-forward-jsp-servlet.html

In any case, I gave up on using the header to pass additional items from
the server to the browser and ended up just using cookies. Unless someone
shows me otherwise, everything I saw online showed how to use
jQuery/xhr/your JS tool of the month to get header values from a GET/POST
response; meanwhile I never figured out how to extract those values after a
document was rendered in a traditional MVC app.

On Thu, Sep 8, 2016 at 11:22 AM Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Joe,
>
> On 9/6/16 3:36 PM, Joe Tseng wrote:
> > I inherited a codebase that calls
> > HttpServletResponse.sendRedirect() to another page after a user is
> > successfully logged in. I want to be able to insert a header value
> > before that redirection is executed. I tried to simply add a
> > HttpServletResponse.addHeader()/.setHeader() to the response object
> > before the redirect is called, but it seems a new response object
> > is used and sent to the browser. Is that assessment correct? Is
> > there any way for me to modify the redirect before it's sent or do
> > I have to use .forward()?
>
> Tomcat version?
>
> This should work. Calling response.setHeader or response.addHeader and
> then response.sendRedirect() should include your custom headers. What
> makes you think that "a new response object is used"?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJX0YIMAAoJEBzwKT+lPKRYq38QAKkGUiXnf0vDOvuedrjq8zry
> Nrc/mVhqezWJq0usCubNKeFPqMtHrGO8BJL4eUdVl/w6FVX0Srf/2C34APrgUJZC
> 9G0l4R8f8jatbnD2irqUo166Bq3TcjSjppdq3wYsGLb6vdRAkC9bMWqEr3piphBi
> yVdKTPflDXo5FEmHcxFgKctwCGzVaqXMJ4tyAEXHZ2jN6azK2mBwCtyZnakoo+Qy
> zFFbI6beczIAood49aohi6k0w/IGkH6KtbcYvWgbSuPoeRPrIUqZBb8VMZtrWF80
> oyyLa1+3gIGnxBv/4KCRUpLuz2iHdjJ/qwTBgiwNmpo68YZIoqN/ylm1VLR+A9Bx
> AV7+ifTZaBQ6oIRWFgziw6ZDtw5l3WCYX2LlyCrSGdbPA7IQ9fYSFNSX0iJUq668
> TUesB+5WapCmW73kZSB1OFYpxLTlJAMY3l8KvZbWfhQ3ozLLd8yKKVFBJ2HlM1i5
> GbquzKQ7qMWTVG89OUoK9b7Ipf1mApEg9CfvXnajcImM7QKASlUc0LEdtF5ujkEc
> mTSw4AYUs3M0jMOarMIE/sn1MMgsjJiDpQUWhxXcX0GjViI/AAyDGqMOuClGBOAw
> IaBhqC8fbgOV31BwA81C3bUcEKRFcYdMASViZO8G1B/bn+s70FFnf+JBqLI96XfI
> xhQuuThjTx2zCU7oLZb0
> =Izss
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Header values when using HttpServletResponse.sendRedirect()

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Joe,

On 9/6/16 3:36 PM, Joe Tseng wrote:
> I inherited a codebase that calls
> HttpServletResponse.sendRedirect() to another page after a user is
> successfully logged in. I want to be able to insert a header value
> before that redirection is executed. I tried to simply add a
> HttpServletResponse.addHeader()/.setHeader() to the response object
> before the redirect is called, but it seems a new response object
> is used and sent to the browser. Is that assessment correct? Is
> there any way for me to modify the redirect before it's sent or do
> I have to use .forward()?

Tomcat version?

This should work. Calling response.setHeader or response.addHeader and
then response.sendRedirect() should include your custom headers. What
makes you think that "a new response object is used"?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YIMAAoJEBzwKT+lPKRYq38QAKkGUiXnf0vDOvuedrjq8zry
Nrc/mVhqezWJq0usCubNKeFPqMtHrGO8BJL4eUdVl/w6FVX0Srf/2C34APrgUJZC
9G0l4R8f8jatbnD2irqUo166Bq3TcjSjppdq3wYsGLb6vdRAkC9bMWqEr3piphBi
yVdKTPflDXo5FEmHcxFgKctwCGzVaqXMJ4tyAEXHZ2jN6azK2mBwCtyZnakoo+Qy
zFFbI6beczIAood49aohi6k0w/IGkH6KtbcYvWgbSuPoeRPrIUqZBb8VMZtrWF80
oyyLa1+3gIGnxBv/4KCRUpLuz2iHdjJ/qwTBgiwNmpo68YZIoqN/ylm1VLR+A9Bx
AV7+ifTZaBQ6oIRWFgziw6ZDtw5l3WCYX2LlyCrSGdbPA7IQ9fYSFNSX0iJUq668
TUesB+5WapCmW73kZSB1OFYpxLTlJAMY3l8KvZbWfhQ3ozLLd8yKKVFBJ2HlM1i5
GbquzKQ7qMWTVG89OUoK9b7Ipf1mApEg9CfvXnajcImM7QKASlUc0LEdtF5ujkEc
mTSw4AYUs3M0jMOarMIE/sn1MMgsjJiDpQUWhxXcX0GjViI/AAyDGqMOuClGBOAw
IaBhqC8fbgOV31BwA81C3bUcEKRFcYdMASViZO8G1B/bn+s70FFnf+JBqLI96XfI
xhQuuThjTx2zCU7oLZb0
=Izss
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Header values when using HttpServletResponse.sendRedirect()

["Terence M. Bandoian" <te...@tmbsw.com>]

On 9/8/2016 4:47 AM, Terence M. Bandoian wrote:
> On 9/6/2016 2:36 PM, Joe Tseng wrote:
>> All,
>>
>> I inherited a codebase that calls HttpServletResponse.sendRedirect() to
>> another page after a user is successfully logged in. I want to be 
>> able to
>> insert a header value before that redirection is executed. I tried to
>> simply add a HttpServletResponse.addHeader()/.setHeader() to the 
>> response
>> object before the redirect is called, but it seems a new response 
>> object is
>> used and sent to the browser. Is that assessment correct? Is there 
>> any way
>> for me to modify the redirect before it's sent or do I have to use
>> .forward()?
>>
>> thx,
>>
>>   - Joe
>>
>
>
> Rather than using sendRedirect, it should be possible to set any 
> required headers and the status code using setHeader and setStatus.
>
> -Terence Bandoian
>  http://www.tmbsw.com/
>


Sorry about responding directly - I meant for my reply to go to the list.

-Terence


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org