Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.help > #2710

Preventing Typed URLs From Being Used

From Steve <tinker123@gmail.com>
Newsgroups comp.lang.java.help
Subject Preventing Typed URLs From Being Used
Date 2013-05-08 16:28 -0400
Organization A noiseless patient Spider
Message-ID <kmecaj$n92$1@dont-email.me> (permalink)

Show all headers | View raw

Hi,

My boss asked me to alter our Java Webapp such that users cannot go to 
places in our Webapp by typing URLs into their browser location bar.

I told her that I can not disable their location bars.

I told her the way this is usually done is to launch a WebApp in a new 
customized browser window sans a location bar.

That was not acceptable to her.

I already have a Java Filter class set up to enforce various rules.  So, 
I was thinking of this approach


1. Implement a system wide "writeFlagCookie" javascript function to 
write a cookie anytime a user initiates a GET by clicking on a link or a 
button.

2. Everywhere the WebApp does a redirect or a forward, put a flag 
variable, say "wasRedirected" into the HTTP session.

3. In my Filter, intercept each request and check for the request type.

4. If it is a POST, I know a human didn't type the URL into their 
browser, so I automatically let it through.

5. If it is a GET, look for a javascript generated cookie, or the flag
stored in the session to indicate a redirect or a forward.  If I find 
neither send the user back to the page they just tried to leave from.


Though it will be a lot of work, it sounds too simple to be adequate.

Is there anyway this approach can bite me in the ass?

Any other constructive thoughts?

Thanks

Steve

Back to comp.lang.java.help | Previous | NextNext in thread | Find similar | Unroll thread

Thread

Preventing Typed URLs From Being Used Steve <tinker123@gmail.com> - 2013-05-08 16:28 -0400
  Re: Preventing Typed URLs From Being Used Daniel Pitts <newsgroup.nospam@virtualinfinity.net> - 2013-05-08 13:42 -0700
    Re: Preventing Typed URLs From Being Used Steve <tinker123@gmail.com> - 2013-05-08 16:47 -0400
      Re: Preventing Typed URLs From Being Used Daniel Pitts <newsgroup.nospam@virtualinfinity.net> - 2013-05-09 07:58 -0700

csiph-web