Reputation: 67
I have a java servlet that is redirecting to a web application on a different server.
I was wondering if there is a way to hide the querystring parameters, so they are not visible to the client in the address bar.
response.sendRedirect("http://www.mywebapp.com/login.html?parameter1=value1¶meter2=value2");
Is there a way to force the sendRedirect to POST to the page and hide the querystring?
Edit: use case.
Clearly, sendRedirect() is not what I want. What would be the best way to handle this?
Upvotes: 1
Views: 5083
Reputation: 1
I found a way for hiding any string from Java or Android project with concept of inner classes using proguard to hide them a class is my server side processing
Upvotes: 0
Reputation: 240996
You can forward the request from server side and then at the end redirect to some other page
Upvotes: 0
Reputation: 24895
You could connect to the other server from your servlet (HttpConnection
) and copy the returned data. The user will only see your server.
An alternative is returning an HTML page that does send a POST form automatically after loading. The user will need to allow JS.
Upvotes: 0
Reputation: 341003
No, you can't use POST in this scenario. When calling sendRedirect()
this is what you send back to the client:
HTTP/1.1 302 Found
Location: http://www.mywebapp.com/login.html?parameter1=value1¶meter2=value2
Browser interprets this and points user to that location.
Something tells me (maybe login.html
name and two parameters) that you want to automatically login user on some web site). Don't go this way, sending username/password (both using GET parameters and inside POST) is really insecure.
Without knowing much about your use case it's probably the best solution to call http://www.mywebapp.com/login.html
from your servlet, parse the response and return it to the user (so he will never really see mywebapp
in his browser.
Upvotes: 1