
Identify if HTTP Request originates from valid source

 
Prince Manchanda
My Web Application has a few pages, the links for which are sent to the outside world in email. So, when a user clicks on the link in the email, he/she will have to log in and is then redirected to the link. An example of such a link is for a Saved Report.

My requirement is that I want to identify if a request coming from such a link is legitimate. That is, the link used to invoke the application is the same that has been sent in the mail.

At first thought, the solution for this might be similar to what is used by sites for confirmation of new users. A link is sent to the new user's email and it contains some sort of encoded string.

Any implementation details of this solution or any other solution would be really helpful.
 
Tim McGuire
Your first thought is good. Those sites usually send out a hash with some combination of the site name, the user's email, username, date, etc. So, show some code of how you would hash the user's data in such a way that you could identify them when they come back from the link you sent.
 
It is sorta covered in the JavaRanch Style Guide.
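
One way to implement the signed-link idea discussed in this thread, as an added example that is not code from either poster: it uses a keyed HMAC-SHA256 with a server-side secret instead of a bare hash, so that someone who knows the user name and report id cannot recompute the value, and it binds an expiry time into the signature. The class name `SignedLink`, the parameter names, the URL and the key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

// Hypothetical helper (not from the thread): signs and verifies e-mailed report links.
public class SignedLink {
    private final SecretKeySpec key;

    public SignedLink(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    // HMAC over the fields that must not change; '\n' separates them so values cannot run together.
    private String mac(String user, String reportId, long expires) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        byte[] tag = m.doFinal((user + "\n" + reportId + "\n" + expires).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Query string for the e-mailed link (reportId is assumed to be URL-safe, e.g. numeric).
    public String sign(String user, String reportId, long expires) throws Exception {
        return "report=" + reportId + "&exp=" + expires + "&sig=" + mac(user, reportId, expires);
    }

    // Call after login: 'user' is the authenticated user, the other values come from the request.
    public boolean verify(String user, String reportId, long expires, String sig, Instant now) throws Exception {
        if (sig == null || now.getEpochSecond() > expires) return false;
        byte[] expected = mac(user, reportId, expires).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real key is random and kept in server-side configuration.
        SignedLink links = new SignedLink("demo-key-not-for-production-use!".getBytes(StandardCharsets.UTF_8));
        Instant now = Instant.parse("2024-01-01T00:00:00Z");
        long exp = now.plusSeconds(7 * 24 * 3600).getEpochSecond();
        String sig = links.mac("alice@example.com", "42", exp);
        System.out.println("https://app.example.com/reports?" + links.sign("alice@example.com", "42", exp));
        System.out.println(links.verify("alice@example.com", "42", exp, sig, now));   // genuine link
        System.out.println(links.verify("alice@example.com", "43", exp, sig, now));   // report id altered
        System.out.println(links.verify("mallory@example.com", "42", exp, sig, now)); // different logged-in user
        System.out.println(links.verify("alice@example.com", "42", exp, sig, now.plusSeconds(8 * 24 * 3600))); // expired
    }
}
```

Because the user name is part of the signed data but not of the URL, the check only passes when the person who logs in is the person the mail was sent to.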