File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Reporting and QueryStrings

 
Michele Smith
Ranch Hand
Posts: 421
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello I am using the free version of BIRT and need to know if there is the ability to secure a parameter being passed on the querystring so that a user may not edit it or see it on the querystring.

While testing I discovered that when one changes a querystring parameter from 25 or 253, they can see the other entities account information.

Thanks,
 
Junilu Lacar
Bartender
Pie
Posts: 6529
21
Java Linux Mac Scala Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You need to put more context around this. What does 25 and 253 mean? Who is "they" and who are the "other entities". Just offhand though, this sounds more like a session management issue rather than something specific to BIRT. Maybe information from the query string is being placed into the application scope rather than the session or request scope. Again, need more context.
 
Michele Smith
Ranch Hand
Posts: 421
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
well I found a solution that allows a user of the BIRT reports to be prevented from modifying the url.

you are right, this is about session management.

the current application does not use any sessions, but I need to introduce a session.

Do you think this servlet will work in terms of creating a session for the parameter parentid?

Also second question, how should I introduce this servlet, should I import it on the main servlet that is tied to the xsl page or should I set up a request.dispatcher.

If it would involve request.dispatcher, can you help me to figure out how to code that?

The application also does not use request.dispatcher.

Thanks, here is the code for the servlet.

 
Junilu Lacar
Bartender
Pie
Posts: 6529
21
Java Linux Mac Scala Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your questions are architectural in nature and I could not honestly answer one way or another based on what you have given. That being said, I am surprised that you are programming servlets directly. On any modern web-based application of significant size and importance, one of the first architectural decisions would be to settle on a framework to use to abstract away most of the intricacies of programming servlets so that you are dealing more with dispatching requests to appropriate business services and creating appropriate views and responses from a high-level point of view rather than from a low-level "plumbing" point of view.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic