aspose file tools*
The moose likes Servlets and the fly likes Checking a href value in servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Checking a href value in servlet" Watch "Checking a href value in servlet" New topic
Author

Checking a href value in servlet

Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 41

Hi,

i have a JSP that has an a href tag :



and in My javascript i am encoding the ID and then submitting the form :-

'



In Servlet, i am getting the ID value as :

String id = request.getParameter("id");

and then decoding the value within the servlets.

Now , my problem is whenever i am hitting the direct link within the servlets using the encoded id that i had passed within the javascript , then the request is again processed.

I need to stop the request from processing if user copies the encoded id and hit the servlet directly .

Example Scenario :-

Suppose id encoded in the javascript and the URL formed is :

http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573== (encoded).

URL formed and submitted via javacript onclicking a link

In controller :-

Id decoded and form processed.

Problem :- Need to stop if the user copies the URL and directly hits from the brower without clicking the link

example :-
http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573==

How can i stop that and determine whether the a href is clicked or user is directly hitting the url.

Thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434
    
  67

You can't. From the point of view of the server, the requests are identical.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Not only can you not tell them apart, but its very bad design to trust anything from the browser. Your example, that the user copy/pastes the URL is just the first of many.

You must assume that you are not talking to a friendly user with a browser, but rather an evil script that is programmed to interact with your site. Expect the evil script to do bad things.
Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 41

Thanks everyone..

Me too was thinking that the request will be the same for the server for that session..


 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Checking a href value in servlet