Java Reference
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP
     * <code>POST</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     *
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
When a user visits this servlet, the servlet will be executed under the specified role. For more information
regarding the configuration of principals and roles in GlassFish, please refer to the online documentation.
Thwarting Session Fixation Attack
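It is possible for a web hacker to obtain the security IDs (session identifiers) that web sites use for authentication
purposes. When a malicious hacker gets hold of such an identifier, havoc could be wreaked upon a victim's account,
because the identifier could grant the hacker full permissions to the hacked account. Such attacks are known as
session fixation attacks. In a session fixation attack, the victim logs in under a session ID the attacker already
knows, so that ID keeps working for the attacker after the victim authenticates.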
In Servlet 3.1, session fixation attacks can be thwarted by changing the session ID once a user has successfully
authenticated to the application. The session ID can be changed by calling the new HttpServletRequest.changeSessionId
method after the session has already been created. The new HttpSessionIdListener interface can be used to implement
listener classes that are responsible for changing a session identifier.
The Servlet 3.1 code base has been updated to use the new HttpSessionIdListener as a standard listener.
As such, the following APIs now accept listener classes that implement the HttpSessionIdListener interface:
    void addListener(String className)
    <T extends EventListener> void addListener(T t)
    void addListener(Class<? extends EventListener> listenerClass)
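
The following is an added example, not code from the original text: a login servlet that changes the session ID after successful authentication, with a listener that the container notifies through HttpSessionIdListener.sessionIdChanged. The /login URL, the parameter names and the class names are assumptions, and it targets the javax.servlet 3.1 API.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionIdListener;

// Hypothetical login endpoint; URL and parameter names are assumptions.
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(LoginServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            // Container-managed authentication against the configured realm.
            request.login(request.getParameter("username"), request.getParameter("password"));
        } catch (ServletException e) {
            // Failed login: leave the session untouched and reject the request.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (request.getSession(false) != null) {
            // A pre-login session exists: keep its attributes, replace its ID.
            request.changeSessionId();
        } else {
            // changeSessionId() throws IllegalStateException without a session.
            request.getSession(true);
        }
        response.sendRedirect(request.getContextPath() + "/");
    }

    // The container calls this listener after every session ID change.
    @WebListener
    public static class SessionIdAudit implements HttpSessionIdListener {
        @Override
        public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) {
            // Log only a short prefix; a full session ID is a credential.
            LOG.info("Session ID rotated, old ID prefix: "
                    + oldSessionId.substring(0, Math.min(4, oldSessionId.length())));
        }
    }
}
```

The ID is changed only after login succeeds, so an identifier that was known before authentication never becomes an authenticated one.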
 