aspose file tools*
The moose likes Servlets and the fly likes Prevent URL requested directly from browser Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Prevent URL requested directly from browser " Watch "Prevent URL requested directly from browser " New topic
Author

Prevent URL requested directly from browser

Mike Landis
Greenhorn

Joined: Jun 05, 2003
Posts: 21
Hello,
What is the best way to prevent user to request web application's pages (or actions if Struts based) from browser manually?
E.g. user is using web application and taking it's current url to clipboard. Then user goes e.g. to Google for surfing for a while.
After surfing (s)he pastes web applications url back to browser's address field.
Best technique in web applicaton to prevent this?
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
On each valid entrypoint store a flag in the session. On all other pages check for the existence of that flag and forward to the main entry point for the application if it is not there.
Does not prevent people from slipping to another site for a few minutes but does prevent people bookmarking pages inside the application and will cause spidered URLs to be redirected to the frontpage when people click on them in searchengines.


42
Mike Landis
Greenhorn

Joined: Jun 05, 2003
Posts: 21
Ok, thanks!
Has anyone defined a design pattern for that?
Br
David Hibbs
Ranch Hand

Joined: Dec 19, 2002
Posts: 374
Depending on what exactly you're trying to avoid, the EASIEST way may be simply to override the doGet method so that HTTP GET calls all result in a redirect or forbidden result.
A similar alternative is to use
request.getMethod().equalsIgnoreCase("GET")
to check whether the request method was get/post.
These of course assume that you're trying to prevent access to the results of a form action, but that seems the most reasonable place to prevent such an action.
Another possibility is to check if the session is new and do something based on that.
if ( request.getSession().isNew() )
{
// redirect to welcome page
}
Note of course that the above code could be compiled into a tag, making it easy to put it on any page that you wanted to protect.


"Write beautiful code; then profile that beautiful code and make little bits of it uglier but faster." --The JavaPerformanceTuning.com team, Newsletter 039.
 
jQuery in Action, 2nd edition
 
subject: Prevent URL requested directly from browser