• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Jeanne Boyarsky
  • Ron McLeod
Sheriffs:
  • Paul Clapham
  • Liutauras Vilda
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

how to make to not work url if copied to new browser

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have a jsp page and if user clicks link in that page the report(report page is CGI) open in new window.
If I copy that url (report url) to new browser the report still works. If I copy the url to new browser it should not work.
How can I restrick the URL, so that it should not work if url (bookmark) is copied to new browser.
Please can any one help how to make not work the url if copied to new browser (the basic thing the report should work only for
login user).
I tried to use the following java script but that is not working...
I need to hide variable 'rspnId' from URL. If there is no rspnId then the report should not work even if you copy the link
to new browser.
Any help please....


Here is the code:

<html>
<form name=f1 action="" method=post>
<body>
<a href="javascript:window.open('http://s21-turbo.com:8001/test/rwcgi60?DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234','a')" >Inquiry Received Notice NEW ONE </a>
</form>
</body>
</html>

Thanks.
 
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The only real way to do that is use serverside user validation, session, etc., to ensure that user is loged in.

Otherwise, you can try:

Make it a form submission
Something like :


Also, you can :
play with refferer,
or try to set some vars on opened window
or check is window name correct
[ November 23, 2004: Message edited by: Yuriy Fuksenko ]
 
suprita konda
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Yuriy,

Thanks for your quick response. The report file is CGI and I don't have souce code to validate anything in that report.
The CGI file is third party vendor file and I need to call that page from my own jsp page. After opening the report if I copy that report url to new browser it should work. (that's what I want). I need to whatever changes on my jsp page only. So the only way i need to restric the report to not work is hiding the parameter in the url.
For CGI report I need to pass the parameters in the following format. If use hidden variable the parameter appends ampercent. It should not pass ampercent.

DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234'

Thanks.
 
Ranch Hand
Posts: 502
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can use a Business Delegate pattern and have your servlet intercept calls to the CGI. You servlet can forward the request to the CGI only if the user has a valid session.

so, basically, you write a servlet called 'report', the URL on the browser will look like this
<a href="http://s21-turbo.com:8001/test/<b rel="nofollow">report</b>?DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234" target="_blank">http://s21-turbo.com:8001/test/report?DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234

You servlet can validate that the user is logged in, and forward the request to http://s21-turbo.com:8001/test/rwcgi60?DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234

The URL seen by the user will be <a href="http://s21-turbo.com:8001/test/<b rel="nofollow">report</b>?DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234" target="_blank">http://s21-turbo.com:8001/test/report?DEV_APPS+report=irn_report.rdf+paramform=YES+rspnId=234234 and if he types the URL without logging in, your report servlet will detect that the session is not valid and kick the user to a login page
 
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you can not control the CGI, then you are most likely out of luck. If you could chnage it to responsd to a post instead of a get in the form, then the bookmarked page would not work since it would not have the passed form values.

Eric
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can:

make you code instead of calling that cgi directly, call one of your JSP. You can use a post for that. That JSP will do serverside forward to the cgi report.

Another possibility - put url for report as iframe into a html/jsp page. Use java/javascript to validate a request and dynamically produce the url for cgi.
 
suprita konda
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
All,

Thanks for all your quick responses. I think the one Yuriy told looks good solution to my problem. I want to control to don't display report if user copies the report url to new window. Insted of calling CGI report directly if we call another jsp page and that jsp page will forward the url to CGI report will work. Let me see this suggestion..

Thank you very much and I will let you know once I done this problem.
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Looking at this thread, I found that Jayesh Lalwani recomended the same thing earlier than I did.

Probably

You can use a Business Delegate pattern and have your servlet intercept calls to the CGI

sounds to scary
 
Jayesh Lalwani
Ranch Hand
Posts: 502
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I guess Yuri's and my suggestion are almost equivalent. He's suggesting you to do the same thing in a jsp.

I would do something like this in a Servlet/Action because validation of session should be done by the controller and not the view. Using a JSP to forward to the report CGI will just make it difficult for you to seperate out your view components
 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Jayesh Lalwani,

Your's and yuri's solution are same. Thanks for your response.
 
supriti konda
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am trying to forward the page using absolute URL. The problem is it is appending the "/" infront of
http://xxx.com/test1.jsp i.e the url becomes /http://xxx.com/xyz/test1.jsp if use forward tag in jsp.
Why is that forward slash ("/") appending to the URL?
Please can any one know why I have this problem.
Here is the code I am using:

test.jsp:
****************
<html>
<body>
<jsp:forward page='http://xxx.com/xyz/test1.jsp' />
</body>


If I use response.sendRedirect() method the user can see that URL in browser.
My problem is I need to hide that URL in the browser so that user can't see.
If I use jsp:forward the user can't see http://..../xyz/test1.jsp page because I am forwarding this page in test.jsp.
Is there any way that the user can't see the URL when we forward the page?

Thanks.
 
Grow a forest with seedballs and this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic