• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Indirectly access servlet

 
CoffeeFan
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all,
Does anybody know how to access a servlet only through redirecting or forwarding way but can not be accessed directly? Thanks a lot for your hints.
Michael
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
'CoffeeFan'

naming policy

As for your question...

You maybe mean "only by means of including or forwarding from a directly referenced URL"? Redirecting means that the directly referenced URL sends an HTTP response code back to the browser to 'find this resource over here', and then the browser will make a 'direct' request for this resource, which you didn't want.

There might be a combination of security restraints that could accomplish what you want. With a bit more detail, we might have more concrete suggestions.
 
CoffeeFan
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Mike,
Thanks for your reply. I agree with you that I should use "include" instead of "redirect". I actually want to create a servlet or html file which can only be accessed indirectly from a validation page but block the directly access from the web browser.
Any good suggestion? Looking forward to your answer.
Regards,
CoffeeFan
 
Rangarajan Suresh
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Mike Curwen:
'CoffeeFan'

naming policy

As for your question...

You maybe mean "only by means of including or forwarding from a directly referenced URL"? Redirecting means that the directly referenced URL sends an HTTP response code back to the browser to 'find this resource over here', and then the browser will make a 'direct' request for this resource, which you didn't want.

There might be a combination of security restraints that could accomplish what you want. With a bit more detail, we might have more concrete suggestions.

CoffeFan,
dont forget to change ur name.
Probably, you can use the HTTP_REFERER header and/or the getRequestURL methods to determine the source of your incoming request.
You can also enforce security as mentioned above to restrict the callers.
 
Tom Blough
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
CoffeFan,
When a user requests a page from a browser, the browser issues a GET request for the page. Override doGet to respond with a message that the servlet cannot be accessed directly and then put your servlet code into doPost.
Doing this allows the servlet to only be accessed programatically by forcing a POST call, or from a form with the method set to POST. This is not completely foolproof and there are ways around it, but it will fix the problem for 99% of users.
 
CoffeeFan
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks all for your answers.
CoffeeFan
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic