code to hide the url using servlet filter
You cannot totally hide the URL, because the browser must have some URL to be viewing. However, you can use a servlet filter that alters the contents of the URL so the user sees something different in their address bar than what page is served to them. But why are you concerned if a user sees the URL? How else are they going to interact with your web application?
~ mellamokb
Thank you for the reply. Can you say how to alter the URL contents using the servlet filter? My PL told me that someone do hacking if they are able to see the URL. OK.
Thank you.
Hi,
The problem with a servlet filter (as a Url rewriter) is that you are not changing what Url the user sees, but you are changing how the Url is processed. If you want to change what the user sees, you need to change where you link to in the first place. There are a few common methods of hiding information, i.e., passing it from page to page without involving the Url, that you should look into.
1) Using session-based storage.
session.setAttribute("name", value);
String exforsys = (String) session.getAttribute("name");
(http://www.exforsys.com/tutorials/js...n-objects.html)
2) Using a server-side post.
<%
    // Server-side POST: the server sends the form data itself, so the
    // parameters never appear in the URL shown in the user's browser.
    try
    {
        String stuff = null;
        String pagecontent = "";
        String parameters = "&message=hello+world&";
        java.net.URL url = new java.net.URL("http://www.yourhost.com/page.cfm");
        java.net.HttpURLConnection conn = (java.net.HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Length", Integer.toString(parameters.getBytes().length));
        conn.setRequestProperty("Content-Language", "en-US");
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setUseCaches(false);
        conn.setAllowUserInteraction(true);
        // Write the form-encoded parameters as the request body.
        java.io.DataOutputStream printout = new java.io.DataOutputStream(conn.getOutputStream());
        printout.writeBytes(parameters);
        printout.flush();
        printout.close();
        // Read the response from the target page line by line.
        java.io.BufferedReader in = new java.io.BufferedReader(new java.io.InputStreamReader(conn.getInputStream()));
        while ((stuff = in.readLine()) != null)
        {
            pagecontent += stuff;
        }
        in.close();
        %>success! <%
    }
    catch (Exception e)
    {
        %>error!<%
    }
%>
(http://www.schwabe.net/blog/1/2007/0...-using-JSP.cfm)
For instance, if you have page abc.jsp, and the page needs to submit a username and password to def.jsp, you should use a POST rather than a GET.
For another example, if you want to display information about the user that is currently logged in, but users can only view their own information, you would not want to have a Url like ViewUser.jsp?userId=133, because a savvy user could just change the Url to ViewUser.jsp?userId=134, and view another profile. In this situation, you would just need to make sure for every page that you identify whether or not the person viewing the page should indeed have access before you serve the page. I've never used a servlet filter, but I assume it could be used for this purpose, i.e., take a request in the filter and authenticate it, or check if the currently logged user should have access to this page. If not, send the user to login.jsp, or send them to a page that tells them they accessed the page in error.
I had assumed that you wanted to use a servlet filter as a Url rewriter, but that would serve you no good in these examples, simply because, as I said before, you can just change the request Url, not what actually gets processed. You should look into using Session variables, server-side posts, and/or authenticating all pages before serving them. If you want more detailed information about servlet filters, you are on your own because I have never used them before.
Hope this helps.
~ mellamokb
> my PL told me that someone do hacking if they are able to see the URL
Then your PL doesn't know what he is talking about. You don't achieve security by *hiding* URLs but by having a robust security framework in place for your application. Java, of all the languages out there, has excellent security support. A little bit of research should get you started in the right direction.
Last edited by ~s.o.s~; Jan 13th, 2008 at 5:37 am.