-
2. Re: ENV variable in a URL?
aerologic Nov 18, 2013 8:03 AM (in response to rhusar)Thanks for the reply but I don't follow.
1) is it valid to embed an ENVvariable into a URL to be sent to a web server? What is the syntax?
2) this would just be a decoded string (parameter) on the server side
THanks again.
-
3. Re: ENV variable in a URL?
rhusar Nov 18, 2013 8:09 AM (in response to aerologic)Maybe lets start with describing what are you trying to do? How are you sending the HTTP request? From where? To where? How does it relate to JBoss AS 7?
-
4. Re: ENV variable in a URL?
aerologic Nov 18, 2013 8:18 AM (in response to rhusar)Ok. Fair enough.
i Have a fairly simple servlet, un authenticated, running on Jboss.
the URL, I have a couple string parameters, that the servlet uses. So far, so good.
the clients are Windows machines, and I would like that the USERNAME environment variable be part of the URL so that the servlet knows the user name of the logged on user (OS) sending the request.
i Don't know if this is even allowed. If it is I can't figure out what the syntax of the URL string would be. I tried a few things.
-
5. Re: ENV variable in a URL?
dlofthouse Nov 18, 2013 8:25 AM (in response to aerologic)What you are talking about would be for the web browser to be resolving the environment variable, which in turn means any malicious site the user connected to would be able to construct URLs to discover what it wants to know about the client machine.
"so that the servlet knows the user name of the logged on user (OS)"
Even if it was possible to resolve the variable the servlet would never know the user name of the logged in user, all it would ever know is the username contained within the URL.
You may be better with enabling Kerberos authentication so the username can be sent over properly as part of the authentication process.
-
6. Re: ENV variable in a URL?
rhusar Nov 18, 2013 8:50 AM (in response to dlofthouse)+1 Darran is right, of couse anyone could spoof the username.