wood burning stoves 2.0*
The moose likes Servlets and the fly likes Checking a href value in servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Checking a href value in servlet" Watch "Checking a href value in servlet" New topic
Author

Checking a href value in servlet

Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 41

Hi,

i have a JSP that has an a href tag :



and in My javascript i am encoding the ID and then submitting the form :-

'



In Servlet, i am getting the ID value as :

String id = request.getParameter("id");

and then decoding the value within the servlets.

Now , my problem is whenever i am hitting the direct link within the servlets using the encoded id that i had passed within the javascript , then the request is again processed.

I need to stop the request from processing if user copies the encoded id and hit the servlet directly .

Example Scenario :-

Suppose id encoded in the javascript and the URL formed is :

http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573== (encoded).

URL formed and submitted via javacript onclicking a link

In controller :-

Id decoded and form processed.

Problem :- Need to stop if the user copies the URL and directly hits from the brower without clicking the link

example :-
http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573==

How can i stop that and determine whether the a href is clicked or user is directly hitting the url.

Thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60810
    
  65

You can't. From the point of view of the server, the requests are identical.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    
    5

Not only can you not tell them apart, but its very bad design to trust anything from the browser. Your example, that the user copy/pastes the URL is just the first of many.

You must assume that you are not talking to a friendly user with a browser, but rather an evil script that is programmed to interact with your site. Expect the evil script to do bad things.
Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 41

Thanks everyone..

Me too was thinking that the request will be the same for the server for that session..


 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Checking a href value in servlet
 
Similar Threads
This is my problem....
Tomcat 4.0.1 - Servlet not found
Tomcat installation on Windows2000 Server
how to change the URL
HTTP POST-Method not supported by this URL.