
Problem in redirection

 
Preeti Arora
Ranch Hand
Posts: 74
Hi,
I am giving a link to one of the websites to redirect to my site.
But I want to make sure that people can view my site only when they are redirected; they should not be able to view it directly by typing the URL in the browser. Is there any way to prevent this? I cannot use login/pwd as the user will be logging in to the other site and then coming to my site.
I want a solution which I can implement at my end only.

Thanks.
 
David O'Meara
Rancher
Posts: 13459
Depends what level of 'security' you want. If it is just for trivial purposes you could get them to include a token on the URL which you check for, but this isn't significantly better than 'no solution'. You could check the http-referrer on the HTTP header to make sure they came from the correct site. This is better but again not so hard to bypass. If you want enterprise security you can look at distributed security systems (Kerberos?) but it depends how far you want to go.
 
David O'Meara
Rancher
Posts: 13459
If you model it as Single Sign On (SSO), then there are some other ways you can achieve this, including JOSSO (Java Open Single Sign-On).
 
Preeti Arora
Ranch Hand
Posts: 74
Thanks for the reply.
I guess I would settle with http-referrer. I want some security so that the user cannot go directly.
This will help.
 
Preeti Arora
Ranch Hand
Posts: 74
One more problem:

I have made a dummy link which redirects to my site using window.open.
Let's say:
http://localhost:8080/Search/getDetails?searchfor=2005&userid=1&password=p

getDetails is a servlet which does the processing and then passes control to a JSP for displaying.
When I print request.getHeader("Referer") in either the JSP or the servlet, I get null.
Can you please tell me why?

Thanks.
 
kumar ar
Greenhorn
Posts: 14
I'd recommend you use the hidden field. While it is certainly more of a hassle it is also more reliable.
The referer field can be stripped from the HTTP header by a proxy. In fact the browser isn't required to send the referer field in the header at all.
 
Preeti Arora
Ranch Hand
Posts: 74
Hi,

How I have implemented the solution is: on the main window I have initialised a hidden variable. Then when it's redirected to my site I am checking window.opener.document.hdnvar.value against a variable. Only if it's equal do I redirect to my website.
But the user can still "view source" and see the value of the hidden variable.
Any other suggestions are welcome.
Thanks.
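
The token-on-the-URL idea from earlier in the thread stops being readable through "view source" when the referring site signs the link on its server with a key that never reaches the browser. The following is an added example, not code from any poster in this thread; it goes beyond the thread by using an HMAC with an expiry, and it assumes the referring site can hold a shared secret and append `ts` and `sig` parameters (both names hypothetical) to the link, so it is not an "at my end only" solution.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedLinkCheck {
    // Assumption: secret shared out of band with the referring site; constructed demo value.
    private static final byte[] SECRET =
            "constructed-demo-secret-change-me".getBytes(StandardCharsets.UTF_8);
    private static final long MAX_AGE_SECONDS = 120; // hypothetical validity window

    // HMAC-SHA256 over "userid|issuedAt", URL-safe Base64 without padding.
    static String sign(String userId, long issuedAt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        byte[] tag = mac.doFinal((userId + "|" + issuedAt).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Arguments are what request.getParameter(...) would return in the servlet; any may be null.
    static boolean isValid(String userId, String ts, String sig, long now) throws Exception {
        if (userId == null || ts == null || sig == null) return false; // URL typed by hand
        long issuedAt;
        try {
            issuedAt = Long.parseLong(ts);
        } catch (NumberFormatException e) {
            return false;
        }
        // Reject negative, future-dated and expired timestamps.
        if (issuedAt < 0 || issuedAt > now || now - issuedAt > MAX_AGE_SECONDS) return false;
        byte[] expected = sign(userId, issuedAt).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so the check does not leak how many characters matched.
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L;           // constructed clock value (epoch seconds)
        String ts = String.valueOf(now - 30); // link issued 30 seconds ago
        String sig = sign("1", now - 30);     // computed by the referring site's server
        System.out.println("fresh link:     " + isValid("1", ts, sig, now));
        System.out.println("other userid:   " + isValid("2", ts, sig, now));
        System.out.println("replayed later: " + isValid("1", ts, sig, now + 600));
        System.out.println("no token:       " + isValid(null, null, null, now));
    }
}
```

A signed link can still be reused until it expires; rejecting reuse inside the window would need a server-side record of tokens already seen.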
 