Allow only "prerequisite" forwarding URL to access a servlet - java

Say for example I have a servlet named FooServlet, mapped to /foo.
There are two other servlets named BarServlet and CarServlet, mapped to /bar and /car, respectively.
Now, if a user does a direct access to www.example.com/foo, they should be rejected. BUT if the request comes from a forward on /bar or /car, I will allow access to /foo.
Is this possible?

Yes, see this question: Java get referer URI?
You can check the referer header in the request to make sure they are coming from one of your other servlets.

You can use the request object to decide.
For example:
Use request.getContextPath() to fetch the "/foo", "/bar" or "/car" and decide whether to allow the access or not.
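
A server-side way to enforce the rule from the question, as an added example that is not part of the original answers: the container itself sets the dispatcher type and the javax.servlet.forward.* request attributes, so a client cannot supply them the way it supplies a header. It assumes Servlet 3.0 or later and the /foo, /bar and /car mappings from the question; the class body and the 404 response are illustrative choices.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.DispatcherType;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: FooServlet only serves requests forwarded from /bar or /car.
@WebServlet("/foo")
public class FooServlet extends HttpServlet {
    // Servlet paths allowed to forward here (mappings taken from the question).
    private static final Set<String> ALLOWED_SOURCES =
            new HashSet<>(Arrays.asList("/bar", "/car"));

    // True only for a container-dispatched forward whose original request
    // hit one of the allowed servlet paths.
    static boolean isAllowedForward(HttpServletRequest req) {
        if (req.getDispatcherType() != DispatcherType.FORWARD) {
            return false; // direct browser hit (REQUEST), include, error, async
        }
        // Set by the container on forward to the path of the ORIGINAL request;
        // request attributes cannot be supplied by the client.
        Object source = req.getAttribute(RequestDispatcher.FORWARD_SERVLET_PATH);
        return source instanceof String && ALLOWED_SOURCES.contains(source);
    }

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!isAllowedForward(req)) {
            // 404 rather than 403 so direct probing does not confirm /foo exists.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        super.service(req, resp); // dispatches to doGet/doPost as usual
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println("reached /foo via an allowed forward");
    }
}
```

Forwards obtained through getNamedDispatcher() do not set the forward attributes, so this check rejects them; BarServlet and CarServlet must forward by path, for example request.getRequestDispatcher("/foo").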

Related

Forward to a servlet and set attribute

I'm working with servlets in java; I'm trying to forward from one servlet to another servlet.
I also want to pass an attribute to that other servlet.
When I want to forward to a JSP, it works fine. I do
request.setAttribute("attrName", attribute);
request.getRequestDispatcher("forward.jsp").forward(request, response);
But when I do the same with a servlet:
request.setAttribute("attrName", attribute);
request.getRequestDispatcher("TheServlet").forward(request, response);
My server freaks out and I get the following error:
javax.servlet.ServletRequestWrapper.isAsyncStarted(ServletRequestWrapper.java:395)
I know I can use the following line to redirect to a servlet:
response.sendRedirect("TheServlet");
But for some reason the set Attribute doesn't work when I redirect instead of forward.
A redirect is an HTTP response sent to the browser requesting it to submit a new request to the specified URL. Since it results in issuing an entirely new request, the previous request attributes you set won't be available in the new request.
In terms of forwarding to a servlet, did you check your web.xml configuration? Is it set up so that the forwarded servlet is seeing forwarded requests?
You could save the attribute to the session in the first servlet and access it from the second.
Use http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getSession()
Also you could pass the attribute value in the URL query string in the redirect. So your redirect URL would look like 'myRedirectUrl?attributeName=attributeValue'
Also additionally try using 'include' method rather than 'forward'.

Remove invalid request parameter from URL with servlet filter

I have a web application written in Java which uses Struts 1.0. Sometimes when a URL is fired, I can see that one of the request parameters does not have any name and value, like the following ...
http://www.aaa.com/test.do?a=1&b=2&=&d=4&e=5
As can be seen, there is a '&=' which is essentially a parameter with no name and value. I'd like to remove this part from the URL before sending the request to the server. How can I achieve this? Should I use a filter or is there an easier way?

Forward appspot domain to my domain

Is there an easy way to forward my appspot domain to my domain? Basically redirect myappid.appspot.com to myappid.com. If people somehow find the appspot domain I don't want them using it.
I am already showing the same application at both domains. I just don't want users to be able to use the application at myappid.appspot.com.
What you need is a Servlet Filter to redirect. This thread gives you the details: How to use a servlet filter in Java to change an incoming servlet request url?
Just so the answer is here to easily find. I added the code below to a filter that runs on every page request.
if(((HttpServletRequest) req).getServerName().contains("appspot.com")){
((HttpServletResponse) resp).sendRedirect("http://"+((HttpServletRequest) req).getServerName().replace("myappid.appspot.com", "myappid.com") + ((HttpServletRequest) req).getRequestURI());
}
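
A fuller form of the filter above, as an added example that is not the answerer's code: it matches the appspot host exactly, redirects to a fixed host instead of one built from the request's Host header, keeps the query string, and stops processing once the redirect is sent. The class name and the 301 status are assumptions; the host names are the placeholders used in the answer.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: redirect the appspot host to the custom domain.
@WebFilter("/*")
public class CanonicalHostFilter implements Filter {
    private static final String RETIRED_HOST = "myappid.appspot.com";
    private static final String CANONICAL_HOST = "myappid.com";

    // Returns the redirect URL, or null when the request should pass through.
    static String redirectTarget(String host, String uri, String query) {
        if (host == null || !host.equalsIgnoreCase(RETIRED_HOST)) {
            return null; // exact match only; other hosts are not rewritten
        }
        // Target host is a constant, never derived from the Host header.
        String url = "http://" + CANONICAL_HOST + uri;
        return query == null ? url : url + "?" + query;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest) req;
        String target = redirectTarget(httpReq.getServerName(),
                httpReq.getRequestURI(), httpReq.getQueryString());
        if (target == null) {
            chain.doFilter(req, resp); // normal request on the custom domain
            return;
        }
        // Redirect and do not continue down the chain.
        HttpServletResponse httpResp = (HttpServletResponse) resp;
        httpResp.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        httpResp.setHeader("Location", target);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```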

When is doPut() called in a servlet?

Hi, I was just curious when the doPut() method in a servlet is called. I know that if the form on a JSP/HTML page has a "post" method then doPost() is called; otherwise, if it has a "GET", then doGet() is called. When is doPut() called?
When an HTTP PUT request is received, naturally.
Can a page do a PUT request by code?
The only valid method attribute values of a <form> are get and post, according to the HTML5 spec. I assume that's what you're asking.
The doPut() method handles requests sent by using the HTTP PUT method. The PUT method allows a client to store information on the server. For example, you can use it to post an image file to the server. As the above answer says, doGet() and doPost() are in use, mostly. In my case, I use only these two, and I am getting only get requests, so I simply transfer the get request to doPost() and do my job easily.
If you want to send some confidential values in the URL via a form, you must use the post method. If you use the get method for a form like login, the parameter values like userid and password will be visible in the URL and anyone can hack that thing. So it is better to use the post method in forms. By default it will call the get method.
In get, the URL is like http://url?method=methodname&userid=123&password=123
so if you use the post method the URL will be like this: http://url/methodname.do

Make all requests to mysite.com/user/specified/path run the same JSP

I want to allow users to create groups in my application and access them via URL. For example, if you made a group called "sweethatclub," you could access it at http://mysite.com/sweethatclub. Of course, the same code will run for /sweethatclub and /drillteam and even /students/yearbook
I'm running in a Java servlet environment, and can't quite get the paths to align for this. I can write a filter that intercepts all requests and adds information to the request by parsing the URL, but then I want to run the code of an index.jsp. I don't want to map index.jsp to all URLs, because, for example, /images/smiley.jpg still needs to respond with the appropriate file instead of index.jsp.
Is there a way to send all requests to a servlet, unless the request is matched by a plain-old file? Or, is there some other way to accomplish what I want here?
Please let me know if I need to supply more information. I'm new to this environment.
The URL patterns in the web.xml are not supposed to be smart enough to figure out the target URL's nature. If you can tolerate it, the easiest way would be to place all the user-specified paths under a well-known root... someplace separate from the static files. So you end up with user-specified paths like http://mysite.com/sites/sweethatclub.
Alternatively, you can move all your static content under http://mysite.com/static/, and set up the servlet mappings or filters to treat anything starting with 'static' differently from the dynamic URL space.
If you are in a Unix environment, you could just create all the "group sites" as virtual directories that just point to your default one.
Map the servlet on a specific URL pattern
<url-pattern>/groups/*</url-pattern>
Put all static content in a common folder, e.g. /static and fix all URLs in the pages to point to that URL instead.
Create a filter which is mapped on
<url-pattern>/*</url-pattern>
and does the following job in doFilter() method
String uri = ((HttpServletRequest) request).getRequestURI();
if (uri.startsWith("/static/")) {
    chain.doFilter(request, response); // Goes to default servlet.
} else {
    request.getRequestDispatcher("/groups" + uri).forward(request, response);
}
No, this does not end up with /groups in the browser address bar URL. It's fully transparent. You can, if necessary, make "/static" and/or "/groups" an <init-param> of the filter so that it's externally configurable.
