Encrypting the Query String!

Anirban Chowdhury
Ranch Hand

Joined: Aug 05, 2008
Posts: 36
Hi All Ranchers,

Struts Version : 2.2.1.1
Objective : To encrypt the queryString passed as URL params.

Eg. https://localhost:8443/T/dLoadAction.do?id_=567&discr=P
should be changed to https://localhost:8443/T/dLoadAction.do?enc=126938adjkdak78133189
or likewise.

1. I am already using https to prevent sniffing from outside, but here I am worried about the insiders poking into somebody else's domain by tampering with the id_ parameter etc.

2. I cannot use POST in these cases. (And anyway they can also be tracked from the headers.)

Note the below 2 cases: the 1st one is a redirect from a saveAction to prevent a duplicate transaction on refresh.

a> In my struts.xml I have the below setup

b> In my Menu.jsp, I have the following



Can anybody please help me in this regard? I have fiddled a lot with the options which Google provided me, like modifying the s:url / s:param to encrypt the params. I also fiddled with ParametersInterceptor. I tried that as well and many other things, but still none of them work satisfactorily. Can somebody please shed some light on how this can be done?
This is a bit critical so I would really really .. really (yeah, 1 more to "really" show how I feel at the moment :banghead) appreciate it if anybody could help me in this regard.

Thanks a lot for your time in advance.
Anirban.


P.S: I am also trying to implement an authorization mechanism which will enable me to track if somebody is trying to access any data which does not belong to him.
This involves a database query for the logged-in user and seeing which entities he is actually tagged to. This will probably always work, but it becomes a maintenance nightmare, as we have to keep updating the query for any new types added, not to mention the multilevel querying for admins and so on.









To living life on the edge! I blog my experiences @ http://anirbanchowdhury.wordpress.com.
 