aspose file tools*
The moose likes Servlets and the fly likes Checking a href value in servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Checking a href value in servlet" Watch "Checking a href value in servlet" New topic
Author

Checking a href value in servlet

Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 37

Hi,

i have a JSP that has an a href tag :



and in My javascript i am encoding the ID and then submitting the form :-

'



In Servlet, i am getting the ID value as :

String id = request.getParameter("id");

and then decoding the value within the servlets.

Now , my problem is whenever i am hitting the direct link within the servlets using the encoded id that i had passed within the javascript , then the request is again processed.

I need to stop the request from processing if user copies the encoded id and hit the servlet directly .

Example Scenario :-

Suppose id encoded in the javascript and the URL formed is :

http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573== (encoded).

URL formed and submitted via javacript onclicking a link

In controller :-

Id decoded and form processed.

Problem :- Need to stop if the user copies the URL and directly hits from the brower without clicking the link

example :-
http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573==

How can i stop that and determine whether the a href is clicked or user is directly hitting the url.

Thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60057
    
  65

You can't. From the point of view of the server, the requests are identical.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4637
    
    5

Not only can you not tell them apart, but its very bad design to trust anything from the browser. Your example, that the user copy/pastes the URL is just the first of many.

You must assume that you are not talking to a friendly user with a browser, but rather an evil script that is programmed to interact with your site. Expect the evil script to do bad things.
Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 37

Thanks everyone..

Me too was thinking that the request will be the same for the server for that session..


 
Don't get me started about those stupid light bulbs.
 
subject: Checking a href value in servlet
 
Similar Threads
Tomcat 4.0.1 - Servlet not found
HTTP POST-Method not supported by this URL.
Tomcat installation on Windows2000 Server
This is my problem....
how to change the URL