This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Indirectly access servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Indirectly access servlet" Watch "Indirectly access servlet" New topic
Author

Indirectly access servlet

CoffeeFan
Greenhorn

Joined: Oct 11, 2002
Posts: 12
Dear all,
Does anybody know how to access a servlet only through redirecting or forwarding way but can not be accessed directly? Thanks a lot for your hints.
Michael


SCJP
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

'CoffeeFan'

naming policy

As for your question...

You maybe mean "only by means of including or forwarding from a directly referenced URL"? Redirecting means that the directly referenced URL sends an HTTP response code back to the browser to 'find this resource over here', and then the browser will make a 'direct' request for this resource, which you didn't want.

There might be a combination of security restraints that could accomplish what you want. With a bit more detail, we might have more concrete suggestions.
CoffeeFan
Greenhorn

Joined: Oct 11, 2002
Posts: 12
Hi, Mike,
Thanks for your reply. I agree with you that I should use "include" instead of "redirect". I actually want to create a servlet or html file which can only be accessed indirectly from a validation page but block the directly access from the web browser.
Any good suggestion? Looking forward to your answer.
Regards,
CoffeeFan
Rangarajan Suresh
Ranch Hand

Joined: Jan 08, 2002
Posts: 50
Originally posted by Mike Curwen:
'CoffeeFan'

naming policy

As for your question...

You maybe mean "only by means of including or forwarding from a directly referenced URL"? Redirecting means that the directly referenced URL sends an HTTP response code back to the browser to 'find this resource over here', and then the browser will make a 'direct' request for this resource, which you didn't want.

There might be a combination of security restraints that could accomplish what you want. With a bit more detail, we might have more concrete suggestions.

CoffeFan,
dont forget to change ur name.
Probably, you can use the HTTP_REFERER header and/or the getRequestURL methods to determine the source of your incoming request.
You can also enforce security as mentioned above to restrict the callers.
Tom Blough
Ranch Hand

Joined: Jul 31, 2003
Posts: 263
CoffeFan,
When a user requests a page from a browser, the browser issues a GET request for the page. Override doGet to respond with a message that the servlet cannot be accessed directly and then put your servlet code into doPost.
Doing this allows the servlet to only be accessed programatically by forcing a POST call, or from a form with the method set to POST. This is not completely foolproof and there are ways around it, but it will fix the problem for 99% of users.


Tom Blough<br /> <blockquote><font size="1" face="Verdana, Arial">quote:</font><hr>Cum catapultae proscriptae erunt tum soli proscripti catapultas habebunt.<hr></blockquote>
CoffeeFan
Greenhorn

Joined: Oct 11, 2002
Posts: 12
Thanks all for your answers.
CoffeeFan
 
wood burning stoves
 
subject: Indirectly access servlet
 
Similar Threads
session variable
Attaching Style Sheets to Servlets
problem calling servlet to build a list of data from a database and display a jsp page
post to a different system's servlet
Access HTML Form name programmatically from Servlet.