Reporting and QueryStrings

Michele Smith
Ranch Hand

Joined: Oct 27, 2010
Posts: 412
Hello, I am using the free version of BIRT and need to know if there is the ability to secure a parameter being passed on the querystring so that a user may not edit it or see it on the querystring.

While testing I discovered that when one changes a querystring parameter from 25 or 253, they can see the other entities' account information.

Thanks,

Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4462
    

You need to put more context around this. What do 25 and 253 mean? Who is "they" and who are the "other entities"? Just offhand though, this sounds more like a session management issue rather than something specific to BIRT. Maybe information from the query string is being placed into the application scope rather than the session or request scope. Again, need more context.


Michele Smith
Ranch Hand

Joined: Oct 27, 2010
Posts: 412
Well, I found a solution that allows a user of the BIRT reports to be prevented from modifying the URL.

You are right, this is about session management.

The current application does not use any sessions, but I need to introduce a session.

Do you think this servlet will work in terms of creating a session for the parameter parentid?

Also, a second question: how should I introduce this servlet? Should I import it on the main servlet that is tied to the XSL page, or should I set up a request.dispatcher?

If it would involve request.dispatcher, can you help me to figure out how to code that?

The application also does not use request.dispatcher.

Thanks, here is the code for the servlet.

Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4462
    

Your questions are architectural in nature and I could not honestly answer one way or another based on what you have given. That being said, I am surprised that you are programming servlets directly. On any modern web-based application of significant size and importance, one of the first architectural decisions would be to settle on a framework to use to abstract away most of the intricacies of programming servlets so that you are dealing more with dispatching requests to appropriate business services and creating appropriate views and responses from a high-level point of view rather than from a low-level "plumbing" point of view.
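
The session-scoped check discussed in this thread, as an added example that is not code from either poster or from BIRT: a servlet filter that rejects a report request whose `parentid` query parameter does not match the value held in the caller's session. The class name, the `authorizedParentId` session attribute and the login code that sets it are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: map it in web.xml to the URL that serves the reports. */
public class ParentIdAuthorizationFilter implements Filter {

    // Assumed session attribute, set by the application's login code from its own
    // account records (never copied from the query string).
    static final String SESSION_KEY = "authorizedParentId";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session for an unauthenticated caller.
        HttpSession session = request.getSession(false);
        Object allowed = (session == null) ? null : session.getAttribute(SESSION_KEY);
        if (allowed == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Require exactly one parentid value so a repeated parameter cannot slip a
        // second id past the check, then compare it with the server-side value.
        String[] supplied = request.getParameterValues("parentid");
        if (supplied == null || supplied.length != 1
                || !allowed.toString().equals(supplied[0])) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);   // parentid matches the logged-in account
    }

    @Override
    public void destroy() { }
}
```

With this in place the value stays visible in the URL, but editing it only produces a 403 because the decision is made from server-side session state.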
 