
Prevent URL requested directly from browser

 
Mike Landis
Greenhorn
Posts: 21
Hello,
What is the best way to prevent a user from requesting a web application's pages (or actions, if Struts-based) manually from the browser?
E.g. the user is using the web application and copies its current URL to the clipboard. Then the user goes e.g. to Google to surf for a while.
After surfing, (s)he pastes the web application's URL back into the browser's address field.
Best technique in a web application to prevent this?
 
Jeroen Wenting
Ranch Hand
Posts: 5093
On each valid entrypoint store a flag in the session. On all other pages check for the existence of that flag and forward to the main entry point for the application if it is not there.
Does not prevent people from slipping to another site for a few minutes, but does prevent people from bookmarking pages inside the application, and will cause spidered URLs to be redirected to the front page when people click on them in search engines.
 
Mike Landis
Greenhorn
Posts: 21
Ok, thanks!
Has anyone defined a design pattern for that?
Br
 
David Hibbs
Ranch Hand
Posts: 374
Depending on what exactly you're trying to avoid, the EASIEST way may be simply to override the doGet method so that HTTP GET calls all result in a redirect or forbidden result.
A similar alternative is to use
    request.getMethod().equalsIgnoreCase("GET")
to check whether the request method was GET/POST.
These of course assume that you're trying to prevent access to the results of a form action, but that seems the most reasonable place to prevent such an action.
Another possibility is to check if the session is new and do something based on that.
    if ( request.getSession().isNew() )
    {
        // redirect to welcome page
    }
Note of course that the above code could be compiled into a tag, making it easy to put it on any page that you wanted to protect.
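
The session-flag check suggested earlier in the thread can be applied to every protected URL from one place with a servlet filter. The following is an added example, not code from any of the posters; the class name, the attribute name `app.entered` and the paths `/welcome.do` and `/login.do` are assumptions, and the filter is assumed to be mapped in web.xml to the pages or actions to protect (for example `*.do`).

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: sends requests that skipped an entry point back to the start page. */
public class EntryPointFilter implements Filter {
    // Assumed names for this sketch; none of them come from the thread.
    static final String FLAG = "app.entered";
    static final String HOME = "/welcome.do";
    static final Set<String> ENTRY_POINTS = Set.of(HOME, "/login.do");

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getServletPath() excludes the context path, the query string and
        // any ;jsessionid path parameter, so the comparison below is stable.
        String path = req.getServletPath();

        if (ENTRY_POINTS.contains(path)) {
            // Valid entry point: create the session if needed and set the flag.
            req.getSession(true).setAttribute(FLAG, Boolean.TRUE);
            chain.doFilter(req, res);
            return;
        }
        // getSession(false) avoids creating a session just to test for the flag.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(FLAG) == null) {
            // Bookmarked, pasted or spidered URL with no flagged session.
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + HOME));
            return; // stop here so the protected resource never runs
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {}
}
```

The flag only records that the session passed through an entry point, so it controls navigation order and nothing more. Pages or actions that expose sensitive data still need their own authentication and authorization checks.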
 