Hi All Ranchers,
Struts Version : 2.2.1.1
Objective : To encrypt the queryString passed as URL params.
Eg.
https://localhost:8443/T/dLoadAction.do?id_=567&discr=P
should be changed to
https://localhost:8443/T/dLoadAction.do?enc=126938adjkdak78133189
or likewise.
1: I am already using https to prevent sniffing from outside, but here I am worried about the insiders poking into
somebody else's domain by tampering the id_ parameter etc.
2. I cannot use POST in these cases. ( And anyway they can also be tracked from the headers)
Note the below 2 cases : 1st one is a redirect from a saveAction to prevent duplicate transaction on refresh
a> In my struts.xml I have the below setup
b> In my Menu.jsp, I have the following
Can anybody please help me in this regard? I have fiddled a lot with the options which Google provided me, like
modifying the s:url / s:param to encrypt the params.
I also fiddled with ParametersInterceptor.
I tried that as well and many other things,but still none of them
work satisfactorily. Can somebody please shed some light on how this can be done?
This is a bit critical so I would really really .. really (yeah, 1 more to "really" show how I feel at the moment
)
appreciate if anybody could help me in this regards.
Thanks a lot for your time in advance.
Anirban.
P.S: I am also trying to implement an authorization mechanism which will enable me to track is somebody is trying to access any data which does not belong to him.
This involves a database querying for the logged in user and seeing to which entities he is actually tagged to. This will probably always work, but it becomes a maintenance nightmare,as we have to keep updating the query for any new types added and not to mention the multilevel querying for admins and so on.