Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 4 of 4

Thread: How to block the JSP being called by GET method

  1. #1
    Junior Member
    Join Date
    May 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Unhappy How to block the JSP being called by GET method

    Hi Guys ... I have an existing JSP which is coded like this.

    /<%
    if( (request.getParameter("userid")!=null) && (request.getParameter("token")!=null) ) {

    session.setParameter("USERID", request.getParameter(userid);
    session.setParameter("Token", request.getParameter(token);

    send.redirect(another.jsp);
    }
    /%>

    < ----- here i have the normal HTML contents where i ask for userid from the user
    and upon clicking submit, java script function openwindow() is called ----- >

    function openwindow(){

    < -- here i open a modal window which calls a URL with userid (get method)
    and as return value i get userid and token back.
    Now i set this to document.Parent.userid and document.Parent.token --- >

    document.Parent.userid = retval.userid;
    document.Parent.token = retval.token;
    Parent.submit();
    }

    With the above mentioned JSP, I face a problem that when I invoke the JSP using sample.jsp?userid=dhfgd&token=dhdhd, the control directly goes to another.jsp since the request parameters are set.

    To avoid this, kindly suggest me a probable solution without making much changes in code. Thanks in advance


  2. #2
    Member
    Join Date
    Feb 2014
    Posts
    180
    Thanks
    0
    Thanked 48 Times in 45 Posts

    Default Re: How to block the JSP being called by GET method

    I'm not sure if I completely understand your question... Are you asking for the way to disable GET requests to a JSP file so that the userid and token parameters cannot be provided to the JSP file via URL query string, but can be provided as POST parameters?

    If that's the question, then you can either set up a security constraint in the web application's deployment descriptor (web.xml), or add a servlet filter to filter out GET requests. Details at How to disable GET requests to JSP page? - Stack Overflow. Internet search term used: "jsp disable get".

  3. #3
    Junior Member
    Join Date
    May 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: How to block the JSP being called by GET method

    Hi Jash.. Thanks for your response. Yes that's my query. I tried following the steps mentioned in - How to disable GET requests to JSP page? - Stack Overflow. Tried it in my resin 2.1.3 but was not able to achieve it( Guess it was not picking my web.xml)

    However, if we block "GET" requests specifically using filter, will it not block even the invocation of sample.jsp page itself since by default the request is GET.

    Please correct me if i am wrong. I just tried this way.

    In my servlet code, i tried printing the response type. When i checked the log output, everytime it is GET method call. i.e when i invoke the JSP normally ( without any request parameters as part of URL ). so will it not block even the invocation of the JSP itself.
    Last edited by aswinraj11; May 22nd, 2014 at 11:31 PM. Reason: data was saved twice.

  4. #4
    Junior Member
    Join Date
    May 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: How to block the JSP being called by GET method

    I resolved it by checking whether the same is GET or post inside success of request.getParameter if case. Blocked it when the request is GET. Thanks for your suggestion.

Similar Threads

  1. Method returns empty stack when called
    By pyler in forum What's Wrong With My Code?
    Replies: 5
    Last Post: October 7th, 2013, 06:46 PM
  2. help me to create Block Breaker (using OOP method)
    By gelzkie22 in forum Object Oriented Programming
    Replies: 2
    Last Post: September 25th, 2013, 03:21 AM
  3. equals method is never called
    By justme1 in forum What's Wrong With My Code?
    Replies: 1
    Last Post: April 7th, 2013, 12:39 AM
  4. toggle colors from an array when the method is called.
    By samjoyboy in forum What's Wrong With My Code?
    Replies: 3
    Last Post: November 16th, 2012, 06:00 PM
  5. Replies: 4
    Last Post: June 15th, 2012, 02:50 PM

Tags for this Thread