File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Checking a href value in servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Checking a href value in servlet" Watch "Checking a href value in servlet" New topic

Checking a href value in servlet

Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 41


i have a JSP that has an a href tag :

and in My javascript i am encoding the ID and then submitting the form :-


In Servlet, i am getting the ID value as :

String id = request.getParameter("id");

and then decoding the value within the servlets.

Now , my problem is whenever i am hitting the direct link within the servlets using the encoded id that i had passed within the javascript , then the request is again processed.

I need to stop the request from processing if user copies the encoded id and hit the servlet directly .

Example Scenario :-

Suppose id encoded in the javascript and the URL formed is :

http://localhost:8080/MyServlets/ (encoded).

URL formed and submitted via javacript onclicking a link

In controller :-

Id decoded and form processed.

Problem :- Need to stop if the user copies the URL and directly hits from the brower without clicking the link

example :-

How can i stop that and determine whether the a href is clicked or user is directly hitting the url.

Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63874

You can't. From the point of view of the server, the requests are identical.

[Asking smart questions] [About Bear] [Books by Bear]
Pat Farrell

Joined: Aug 11, 2007
Posts: 4659

Not only can you not tell them apart, but its very bad design to trust anything from the browser. Your example, that the user copy/pastes the URL is just the first of many.

You must assume that you are not talking to a friendly user with a browser, but rather an evil script that is programmed to interact with your site. Expect the evil script to do bad things.
Manish Sahni
Ranch Hand

Joined: Sep 09, 2009
Posts: 41

Thanks everyone..

Me too was thinking that the request will be the same for the server for that session..

I agree. Here's the link:
subject: Checking a href value in servlet
It's not a secret anymore!