So how do I navigate to another web application on the server from my current application context?
Simple...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Substitute your target web application below. | |
| ServletContext sc = request.getServletContext().getContext("/EnterpriseApplication1-war"); | |
| //An example of what you can see to prove a point | |
| Map<String, ? extends ServletRegistration> map = sc.getServletRegistrations(); | |
| for (String key : map.keySet()) { | |
| sc.log("Registration " + map.get(key).getName()); | |
| Map<String, String> params = sc.getServletRegistration(map.get(key).getName()).getInitParameters(); | |
| for (String k : params.keySet()) { | |
| sc.log("\t" + k + " --> " + params.get(k)); | |
| } | |
| } |
3 comments :
What are the security implications of doing this?
How can an app avoid 3rd-app access?
What about security issues?
How to prevent access?
As I noted on twitter, the question was how to do it. When the question was posed to me, I knew how to do it so I made a quick post on how.
The security aspect had not entered my mind when I was asked how to do it. I would need to take some time to enable security on both applications to see if I can actually do it with security turned on.
In any case, in the absence of checking the security aspects, I can see that it is potentially very scary. Using this technique, and the article http://javaevangelist.blogspot.com/2012/11/dynamic-servlet-registration-example.html You could dynamically inject arbitrary servlets into another context.
Post a Comment