Let me explain myself well. I'm integrating my application with Jasper Report Server and I'm preventing the username and password from being sent via URL (with GET) to view a report.
CodePudding user response:
Theoretically you can manipulate the cookie of the Java HTTP session (it works at least for Tomcat and Spring Boot). When setting the session cookie, Tomcat makes it accessible over the HttpServletResponse instance. You can overwrite the JSESSION cookie, replacing the Path attribute.
But such manual manipulation is not covered by the JEE standard, and it will be really painful to debug this solution.
I have a better idea! Is Jasper Report Server embedded in your application as a third-party servlet? If yes, I would suggest wrapping a custom filter around this servlet. The filter can be specified in "web.xml". Inside the filter you need to create a proxy for HttpServletRequest and inject any authentication information you want. You can emulate anything on this level, including a fake HTTP session.
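A sketch of the filter approach from the answer above, added here as an example and not code from the original post or from Jasper Report Server. It assumes the `javax.servlet` API, a filter mapping in "web.xml" that covers the report servlet's URL pattern, and hypothetical names: the `report_user`/`report_password` parameters, the `appUser` session attribute, and the `REPORT_USER`/`REPORT_PASSWORD` environment variables.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: wraps the report servlet so credentials are injected server-side.
public class ReportAuthFilter implements Filter {
    // Hypothetical parameter names; use whatever the wrapped servlet expects.
    private static final String USER_PARAM = "report_user";
    private static final String PASS_PARAM = "report_password";
    private String user, pass;
    @Override public void init(FilterConfig cfg) throws ServletException {
        // Service account comes from the environment (assumed names), never from the URL.
        user = System.getenv("REPORT_USER");
        pass = System.getenv("REPORT_PASSWORD");
        if (user == null || pass == null) throw new ServletException("report credentials not set");
    }
    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        // Only callers already logged in to the host application get through
        // ("appUser" is a hypothetical session attribute set by that login).
        if (session == null || session.getAttribute("appUser") == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Refuse client-supplied credentials so they never appear in URLs or access logs.
        if (req.getParameter(USER_PARAM) != null || req.getParameter(PASS_PARAM) != null) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Copy the real parameters, then add the credentials the servlet will read.
        final Map<String, String[]> params = new HashMap<>(req.getParameterMap());
        params.put(USER_PARAM, new String[] { user });
        params.put(PASS_PARAM, new String[] { pass });
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getParameter(String n) {
                String[] v = params.get(n);
                return v == null ? null : v[0];
            }
            @Override public String[] getParameterValues(String n) { return params.get(n); }
            @Override public Map<String, String[]> getParameterMap() {
                return Collections.unmodifiableMap(params);
            }
            @Override public Enumeration<String> getParameterNames() {
                return Collections.enumeration(params.keySet());
            }
        }, res);
    }
    @Override public void destroy() { }
}
```

All four parameter accessors are overridden together because a servlet may read parameters through any of them; overriding only `getParameter` leaves the injected values invisible to code that iterates `getParameterMap()`.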