• Post Reply Bookmark Topic Watch Topic
  • New Topic

hide query string from hyperlink  RSS feed

 
Ken Kirin
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

My question is whether the following scenario is possible

1. A jsp page from the url
http://localhost:9081/TempWeb/UserController
contain a text
click here
with the hyperlink attached for example


2. When a user clicks hyperlink
click here
, the browser sends GET method with
page=NEW_USER_SCREEN
to the UserController (servlet) which further calls an action (back-end class) to process the request ( same concept as strut-framework )

3. Once the process request is returned from that action to the UserController, it uses request dispatcher that is gotten from ServletContext to forward the result to another jsp page ( for example, login.jsp )
For example;



4. The url appeared on the browser is
http://localhost:9081/TempWeb/UserController?


Currently it is
http://localhost:9081/TempWeb/UserController?page=NEW_USER_SCREEN&userid=1234


Is there anyway that I can hide the query string on the url?. I have tried to intercept the request by removing the query string from the begining but leave the parameter intact so that I can use it in my UserController servlet as normal but this doesn't seem to solve the problem.

Thank you very much in advance. Any suggestion is welcome

Regards,
Ken Kirin
[ April 29, 2007: Message edited by: Bear Bibeault ]
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anyway that I can hide the query string on the url?


As long as that url is used in a browser GET operation, any parameter will be visible. You might obfuscate the parameter(s) so it is not obvious what the values mean and so that the url cant be reused.

Bill
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Or use a POST to begin with.
 
Ken Kirin
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bear,William,

My assumption is that we are not allowed to change the http method.

I have also tried to use ServletFilter to intercept the http request from the browser that is sent with GET method and change it to POST method in doFilter(...) method using the HttpServletRequestWrapper. After passing this to the UserController servlet, i can see that it calls doPost(..). Then the process goes on until it comes back to this UserController as I described before. After that i uses the same approach by using the same ServletFilter to remove the query string (?page=NEW_USER_SCREEN) and again force the http method to be POST and believe that the browser use information from the request and response sent from UserController to render the page including the url. So it there is a way that i can remove those related information, the result should be what I expected( the query string is removed on the url ). However, I am not sure that my solution is reasonable or not. Please comment.


Thank you very much
Ken Kirin
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
getServletConfig().getServletContext(.getRequestDispatcher("login.jsp").forward(req,resp);


Instead of this, could you refactor the code to send a redirect as the response? Something like:

 
Ken Kirin
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf,

Thank you for your comment. My current solution is exactly what you are suggesting. However, sendRedirect(...) requires multiple calls(client side) comparing with using requestDispatch(...) (server side). Therefore my second constraint is to use requestDispatch() too reduce a number of calls as few as possible.

Thank you again for your comment.
Cheers,

Ken Kirin
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Without a redirect, the browser has no way of knowing what's going on on the server and any machinations will have no effect on the displayed URL.

What's the reasoning behind your question? Security? Making the URL "pretty"? Other?

That might help us suggest other techniques.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
However, sendRedirect(...) requires multiple calls(client side) comparing with using requestDispatch(...) (server side). Therefore my second constraint is to use requestDispatch() too reduce a number of calls as few as possible.


OK, so that should not be a problem then. Using a redirect (which is just a single extra client call) is standard operating procedure for web apps. Just tell whoever came up with that constraint that that is not a valid constraint to burden developer with.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you need some ammo regarding justifying the use if a redirect in established web application patterns, you might find this article useful.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!