Joshua Slive wrote:
On Apr 12, 2005 1:23 PM, Vanga <Pitchi.Vanga@xxxxxxxxxxxxxxxx> wrote:This is a J2EE application. Normally the jsp pages, servlets or EJBs are secured by declaring security constraints. display.do is one of them. The auth server is a single sign-on server(which is also a J2EE app server with an apache[......] I understand all that. But you say that the browser eventually bypasses the proxy and goes directly to the back-end. Exactly what is the trigger for the browser to do that? Is it following a link that references the backend server? Is there some funky javascript? Is a redirect being sent pointing at the back-end server? If so, what exactly does the redirect look like. Joshua.
I am not using JavaScript at all. It is a vanilla struts app. I am suspecting that appserver is redirecting to authserver. But I do not know how proxy is getting bypassed. Come to think of it, probably I should take your cue and run the browser in debug/trace mode and dump all the info. and see what is happening between browser and web server. I do not know how I can do this with Internet Explorer. Do you know of any browser that can do this?
Thanks Vanga --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|