If the user is authorized, the web server returns the result of the original URL request, as shown in Figure 28–4.
In our example, the response URL of a JSP page is returned, enabling the user to post form data that needs to be handled by the business logic component of the application. Read Chapter 30, Securing Web Applications for more information on protecting web applications.