6 Replies Latest reply on Nov 18, 2013 8:50 AM by rhusar

    ENV variable in a URL?

    aerologic

      Can an environment variable be embedded into a URL to be sent to a web server?

      Thanks!

      Dave P

        • 1. Re: ENV variable in a URL?
          rhusar
          • 2. Re: ENV variable in a URL?
            aerologic

            Thanks for the reply, but I don't follow.

            1) Is it valid to embed an ENV variable into a URL to be sent to a web server? What is the syntax?

            2) This would just be a decoded string (parameter) on the server side.

            Thanks again.

            • 3. Re: ENV variable in a URL?
              rhusar

              Maybe let's start with describing what you are trying to do? How are you sending the HTTP request? From where? To where? How does it relate to JBoss AS 7?

              • 4. Re: ENV variable in a URL?
                aerologic

                OK. Fair enough.

                I have a fairly simple servlet, unauthenticated, running on JBoss.

                In the URL, I have a couple of string parameters that the servlet uses. So far, so good.

                The clients are Windows machines, and I would like the USERNAME environment variable to be part of the URL so that the servlet knows the user name of the logged-on user (OS) sending the request.

                I don't know if this is even allowed. If it is, I can't figure out what the syntax of the URL string would be. I tried a few things.

                • 5. Re: ENV variable in a URL?
                  dlofthouse

                  What you are talking about would be for the web browser to be resolving the environment variable, which in turn means any malicious site the user connected to would be able to construct URLs to discover what it wants to know about the client machine.

                  "so that the servlet knows the user name of the logged on user (OS)"

                  Even if it was possible to resolve the variable, the servlet would never know the user name of the logged in user; all it would ever know is the username contained within the URL.

                   

                  You may be better with enabling Kerberos authentication so the username can be sent over properly as part of the authentication process.

                  • 6. Re: ENV variable in a URL?
                    rhusar

                    +1 Darran is right, of course anyone could spoof the username.
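
The distinction drawn in replies 5 and 6, as an added example that is not code from the thread or from any poster: a servlet that treats a username in the URL as an unverified claim and takes the identity only from the container's authentication. The class name, URL pattern and `user` parameter are hypothetical, and it assumes the web application is already configured for container-managed authentication (for example Kerberos/SPNEGO, as suggested above).

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, URL pattern and the "user" parameter are illustrative.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Client-asserted: whatever the sender put in ?user=..., never verified by anyone.
        String claimed = req.getParameter("user");

        // Container-verified: non-null only after the configured login mechanism succeeded.
        Principal principal = req.getUserPrincipal();
        if (principal == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
            return;
        }
        String authenticated = principal.getName();

        // The URL value is never used for decisions; a disagreement is only logged.
        // Note: with Kerberos the principal name may carry a realm (user@REALM), so
        // strip or map the realm before comparing in a real deployment.
        if (claimed != null && !claimed.equalsIgnoreCase(authenticated)) {
            log("URL parameter user=" + sanitize(claimed)
                    + " ignored; request authenticated as " + authenticated);
        }

        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Authenticated user: " + authenticated);
    }

    // Replace CR/LF so a crafted parameter cannot forge additional log lines.
    private static String sanitize(String s) {
        return s.replaceAll("[\\r\\n]", "_");
    }
}
```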