aspose file tools*
The moose likes Struts and the fly likes encode and decode url query string values Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "encode and decode url query string values" Watch "encode and decode url query string values" New topic
Author

encode and decode url query string values

jay roy
Ranch Hand

Joined: Nov 16, 2006
Posts: 145
hi guys

I am passing parameters in my url like this
<html:form action="/record/details.do?judgmentTypeCode=PD&judgmentSequenceNumber=247551 &judtNumberYear=3>
�//other fields
<html:submit> Submit </html:submit>
</html:form>

The query string data judgmentTypeCode, judgmentSequenceNumber and judtNumberYear are confidential and I don�t want their values to be shown in the url. How do I accomplish that. I want to pass values in url query string but at the same time i want them to be hidden or in an unregognizable encoded format so that the url is shown in

browser as

/record/details.do?EncodedGARBAGEValue

I want to use the encoded and decoded technique to encode and decode the url query string values by using this code
http://www.exampledepot.com/egs/javax.crypto/DesString.html

So I want to write a wrapper method in my Request processor (I am using struts) which would encode/decode the url query string values after the �.do� part. I want to do that in RequestProcessor because RequestProcessor processes every request. (not sure if thats a good idea)

The GOAL is , the user should not see the query string values in the url no matter what.

That�s what I have in mind. I am not sure if I am going in right direction. If any one has better ideas , I will greatly appreciate if you can share it with me.


Thanks
J
Dom Lassy
Ranch Hand

Joined: May 05, 2006
Posts: 181
Make them hidden form fields.
jay roy
Ranch Hand

Joined: Nov 16, 2006
Posts: 145
unfortunately thats not an option. the values are not hardcoded, they are generated dynamically, for instance
<html:form action="/record/details.do?judgmentTypeCode=<c ut value=${'type.code'}&judgmentSequenceNumber=<c ut value=${'judgmentSequence.Number'}>
In <c ut value=${'judgmentSequence.Number'} :judgmentSequence.Number is dynamic value which i am getting from value-object 'judgmentSequence'

more over , if i want to pass say 10 or 20 values in query string , i dont want to use 10 or 20 hidden fields, it makes the jsp page crappy.
I have to pass values in URL, passing them as hidden fields or putting them in session is unfortunately not an option.

thanks
J
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42947
    
  70
the values are not hardcoded, they are generated dynamically, for instance

I don't understand why that makes a difference. The JSP doesn't care whether it outputs values that are part of an URL, or which go into a form field.
if i want to pass say 10 or 20 values in query string, i dont want to use 10 or 20 hidden fields, it makes the jsp page crappy.

Having 20 form fields is not unusual. Having 20 URL parameters is very unusual. Better to have a crappy JSP page (although I'm not sure why you'd think that) than to have a crappy URL
[ March 06, 2007: Message edited by: Ulf Dittmer ]
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
I agree that hidden form fields would be much cleaner than putting all the values on the url, but you seem to be against that. In any case hidden fields are not very secure or private because they can easily be changed using simple tools and the value can be seen in the html source.

Check out this post:
http://www.coderanch.com/t/55543/Struts/Struts-Security-Extension

I read through an article at the site linked. It seems like it might do what you need.

- Brent
jay roy
Ranch Hand

Joined: Nov 16, 2006
Posts: 145
thanks everybody, apprecite your input

yes hidden fields is an option but the most common way i feel is passing values in url, so i just want to keep passing values in url but make it secure.

>>>In any case hidden fields are not very secure or private
yes , thats very true and url query string values are vulnerable too ,thats why i wanna secure them.

very intresting link brent. did you download and impliment that, just want to hear some reviews before i download.

thanks once again guys
J
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42947
    
  70
the most common way i feel is passing values in url

But it's not - certainly not for 20 parameters. Where do you ever see URLs with so many parameters?

but make it secure

In terms of security and/or privacy both methods are equal. Use HTTP authentication and/or HTTPS if you're concerned about that.
jay roy
Ranch Hand

Joined: Nov 16, 2006
Posts: 145
>>>But it's not - certainly not for 20 parameters. Where do you ever see URLs with so many parameters?

that was just an example. Dont take it literally brent's link is awesome, just what i want.

thanks guys
J
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: encode and decode url query string values