Hi, I am giving link to one of the website to redirect to my site. But I want to make sure that people can view my site only when they are redirected,they should not able to view directly by typing the url in the browser.Is there anyway to prevent this.I cannot use login/pwd as the user will be logging to the other site and then coming to my site. I want solution which I can implement at my end only.
Depends what level of 'security' you want. If it is just trivial purposes you could get them to include a token on the URL which you check for, but this isn't significantly better than 'no solution'. You could check the http-referrer on the HTTP header to make sure they came from the correct site. This is better but again not so hard to bypass. If you want enterprise security you can look at distributed security systems (kerberos?) but it depends how far you want to go.
getDetails is a servlet which does processing then pass control to jsp for displaying. When I am printing request.getHeader("Referer") either in jsp or servlet I am getting null. Can you please tell why?
I'd recommend you use the hidden field. While it is certainly more of a hassle it is also more reliable. The referer field can be stripped from the HTTP header by a proxy. In fact the browser isn't required to send the referer field in the header at all.
How I have implemented the solution is: on the main window I have initialised a hidden variable.Then when its redirected to my site I m checking window.opener.document.hdnvar.value against a variable.If its equal then only redirect to my website. But still user can "view source" and see the values of hidden variable. Any other suggestion is welcome. Thanks.