I have a servlet, called 'insert' that inserts data in a db.
At the end of this servlet I have a getRequestDispatcher that sends the user to a page called 'outcome.jsp'. My servlet send also a variable to outcome.jsp with request.setAttribute("Message", "bla bla bla");
In outcome.jsp i have a request.getAttribute("Message"); and i show to the user the value of Message.
On the browser url there's always the url of my servlet (http://www.site.com/insert), so the user could use the reload button of the browser and makes the insert 1000000000 times.
I tried using response.sendRedirect but i cant use request.setAttribute, and i need it to show message about the insert outcome
How can i avoid the url of my servlet is shown on the browser url in order not to allow user to make infinite inserts by using the reload button?
Thank you
Which ever of the two methods you use you will still have the same problem (Even in the case of sendRedirect() by capturing and reproducing the request header by the user ). The check of double inserting should be done separately.
Usually, if you want to disable a double entry from a client, you can create a token and send it to the client. When the client wants to make an insert, you can check if this token is valid and then do the insert (AND then remove token from the valid list).
That is just one of many ways....
Hope this helps
If use response.sendRedirect(), a new request will start so you can not access the data you set for your previous request, to show the data you have to use the query parameter, that will append to URl
response.sendRedirect("/outcome.jsp?Message=bla bla")
In your jsp page you need to read as
request.getParameter("Message")
Related
On Form Submit my url changes from
localhost:8080/Workflow/admin/GetReports?fname=Form1
to
localhost:8080/Workflow/admin/EditReport
Form action is EditReport(Servlet Name).
Now on EditReport i perform the databse operations and forward the request to the GetReports?fname=Formname Servlet using Request Dispatcher.So that i am on the same page which is the first one (1) i started from.
Now Everything works fine on the .jsp page But the url remains unchanged that is the second one (2).
So how to rewrite the url i.e. from admin/EditReport to /admin/GetReports?fname=Form1
Are you using dispatcher.forward because you are setting some Attributes in
the Request?
If not, then you don't need to use Forward. Instead of that, use response.sendRedirect("url for GetReports?fname=Form1")
But If you are setting some Attributes in the request, then I am wondering if your workflow is a correct one because URLs like this "Workflow/admin/GetReports?fname=Form1" should Not be arrived upon after doing some processing. They should be simple HTTP GET requests only.
We have a JSP page and a Servlet page, where we pass the parameters via URL from JSP to Servlet. Below is the JSP link
Allergies
In our servlet, we do some process like below.
int id = Integer.parseInt(request.getParameter("idClient"));
//Do the work
RequestDispatcher d = request.getRequestDispatcher("view.jsp");
d.forward(request,response);
Unfortunately this makes the idClient 100% visible and it is also editable. We have noticed that the user can simply edit the idClient from the URL and access other client information too! Not only that, any one can access anyones info, whether the client is belong to them or not!
How can we stop this?
Get the logged-in user.
Check whether that user is supposed to be able to access this client's details.
If not, return an error page instead of the client details page.
I can't be more specific without knowing the details of your existing code and database structure.
In my application I have used JSON auto suggest functionality to suggest name of user id when stored in cache.
So when ever I try to hit the URL the response is getting back the fully qualified email address, PFB -
Request - https://wwwsampleweb.com/tc/servlet/AjaxServiceServlet?qtc=james*
it is returning the response -
{identifier:'name', items: [ {name:'james.goodlife#abc.com', label:'james.goodlife#abc.com'}]}
How to stop the response when directly accessing the URL?
I have tried to verify the session but this servlet is used for auto sugggesting the username while logging in which means session is not created status. Also we can block the IP but we cannot block all IPs.
Could you please assist me how we can stop this?
Thanks!
I'm missing the value of username-suggesting at a login-form, but anyway;
I assume that you are requesting the data using a GET-request?
If you would like to prevent anyone from accessing the URL directly and retrieving data, you could use a POST-request and then only return data when the page is accessed through a POST-request (optionally combined with the session-check).
Please keep in mind that this is not a bullet-proof way of preventing use.
My Servlet response type is html and my response contains a hyperlink to another web site.So, now i want to capture the information about whether the user clicked the link or not? and also calculate the total clicks? i am using Tomcat 7 as a server.
Is this possible in setting response header (302 or 404)?...
Please Guide me to get out of this issue?
Yes, you can use a 302: instead of providing the link to the other website, you provide a link to your own servlet, do your accounting and then send back a redirection (301/302) http status with the other web-site URL in the response Location header.
This maybe a bit simplistic though, since the user will leave your original page (is this what you want ?) and search engines may not like this if your web app is public.
I think right now you are redirecting the request(link for another website) at client side.In this approach your server cannot get the information about the click.
What you can do create a servlet and call this servlet on click now this servlet is responsible to redirect the request to another website. Add an static integer counter and increment this when servlet call each time.
Use the method setStatus():-
setStatus(HttpServletResponse.SC_FOUND);
or
setStatus(HttpServletResponse.SC_NOT_FOUND);
I have one application where i have three jsp pages, from index.jsp , control goes to process.jsp and after execution control goes to result.jsp to display data. But i want that instead of displaying data in result.jsp, control will go to another url so that that receiver url will get the requested data. that is: my url is 100.20.3.45:8085/myproject/index.jsp then after processing data i want that result should go to a different url of my same network i.e. 100.20.3.46. How can I send the requested data to this different url?
Ex:
100.20.3.45:8085/myproject/index.jsp
goes to
100.20.3.45.8085/myproject/process.jsp
after processing control will go to 100.20.3.46.
How can I send this data to a different url? what is this mechanism called?
It's called "redirecting". It's to be achieved by HttpServletResponse#sendRedirect().
response.sendRedirect(url);
If you want to send additional data along, you'd need send it as request parameter(s) in a query string, but they will be visible in the URL in browser's address bar. If that isn't affordable, consider storing it in a shared datastore (database?) and then pass alone the unique key along.
Alternatively, you can also just let the <form> action URL point to that different host directly without the need for an intermediate JSP. As another alternative, you could also play for proxy yourself with help of for example URLConnection.
Unrelated to the concrete problem: having controller/business logic in JSPs is a bad practice. I suggest to take some time to learn about servlets.
Redirect to URL
window.location.href = "url"
Examples of use
window.location.href = "/process_payment";
var username = #json($username);
window.location.href = '/' + username;
window.location.href = '/{{ $username }}';