user1873196
user1873196

Reputation: 67

Hide querystring parameters from url in response.sendRedirect

I have a java servlet that is redirecting to a web application on a different server.

I was wondering if there is a way to hide the querystring parameters, so they are not visible to the client in the address bar.

response.sendRedirect("http://www.mywebapp.com/login.html?parameter1=value1&parameter2=value2");

Is there a way to force the sendRedirect to POST to the page and hide the querystring?

Edit: use case.

Clearly, sendRedirect() is not what I want. What would be the best way to handle this?

Upvotes: 1

Views: 5083

Answers (4)

user12962754
user12962754

Reputation: 1

I found a way for hiding any string from Java or Android project with concept of inner classes using proguard to hide them a class is my server side processing

Upvotes: 0

Jigar Joshi
Jigar Joshi

Reputation: 240996

You can forward the request from server side and then at the end redirect to some other page

Upvotes: 0

SJuan76
SJuan76

Reputation: 24895

You could connect to the other server from your servlet (HttpConnection) and copy the returned data. The user will only see your server.

An alternative is returning an HTML page that does send a POST form automatically after loading. The user will need to allow JS.

Upvotes: 0

Tomasz Nurkiewicz
Tomasz Nurkiewicz

Reputation: 341003

No, you can't use POST in this scenario. When calling sendRedirect() this is what you send back to the client:

HTTP/1.1 302 Found
Location: http://www.mywebapp.com/login.html?parameter1=value1&parameter2=value2

Browser interprets this and points user to that location.

Something tells me (maybe login.html name and two parameters) that you want to automatically login user on some web site). Don't go this way, sending username/password (both using GET parameters and inside POST) is really insecure.

Without knowing much about your use case it's probably the best solution to call http://www.mywebapp.com/login.html from your servlet, parse the response and return it to the user (so he will never really see mywebapp in his browser.

Upvotes: 1

Related Questions