This was a question I got tonight. It was a little more complicated prior to Servlet 3.0, but now it is very easy. In fact I almost thought it was not worth writing a post about it. Then I asked a friend in IM if he knew how to do it. It was so much more complicated, I decided to capitulate and post my response.
So how do I navigate to another web application on the server from my current application context?
Simple...
What are the security implications of doing this?
ReplyDeleteHow can an app avoid 3rd-app access?
What about security issues?
ReplyDeleteHow to prevent access?
As I noted on twitter, the question was how to do it. When the question was posed to me, I knew how to do it so I made a quick post on how.
ReplyDeleteThe security aspect had not entered my mind when I was asked how to do it. I would need to take some time to enable security on both applications to see if I can actually do it with security turned on.
In any case, in the absence of checking the security aspects, I can see that it is potentially very scary. Using this technique, and the article http://javaevangelist.blogspot.com/2012/11/dynamic-servlet-registration-example.html You could dynamically inject arbitrary servlets into another context.