CODEWITHSUNDEEP
jsphttp-redirectpostget
Bernice
Bernice

Reputation: 2592

Can sendRedirect() act as a post method instead of get? - jsp/servlets

I have a simple form which accepts a username and a password. I have to use sendRedirect() method for the page to redirect to one page if log in is valid and to another if not. I need to use sendRedirect() and not forward() since the other pages are located in another server. I noticed that when using

response.sendRedirect(response.encodeRedirectURL("FileName.jsp?paramName=" +value));

the sendRedirect() is using the GET method since name=value are being shown in the URL. This is not desirable for me since I don't want these values to show in the URL for safety reasons.

Is there a way to POST these values using sendRedirect() ? I tried to do a form with method POST which hides the values I need but still no luck

What can I do please? Thanks :)

Upvotes: 21

Views: 61415

Answers (7)

David Abragimov
David Abragimov

Reputation: 544

response.sendRedirect is using GET. You can do JavaScript workaround for sending POST redirect from servlet.

   public final void handleRequest(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {


   //  GET Redirect
    //response.sendRedirect(url + "?parameter_name=" + parameter_value);

    //POST redirect through JS
    String htmljs_code = "<!DOCTYPE html><html><head></head><body><script>var form = document.createElement('form'); document.body.appendChild(form); form.method = 'post'; form.action = '" +
              url + "'; var input = document.createElement('input'); input.type = 'hidden'; input.name = 'parameter_name'; input.value ='" +
                    parameter_value + "'; form.appendChild(input);form.submit();</script></body>";

    response.getOutputStream().println(htmljs);

}

Upvotes: 0

Daniel Kennedy
Daniel Kennedy

Reputation: 718

use javascript

$('#inset_form').html('<form action="FlowService" name="form" method="post" style="display:none;"><input type="hidden" name="idapp" value="' + idApp + '" /></form>');
        document.forms['form'].submit();

Upvotes: 2

a.b
a.b

Reputation: 9574

This is kinda old, but here I've succesfully run this:

response.setStatus(307); //this makes the redirection keep your requesting method as is.
response.addHeader("Location", "http://address.to/redirect");

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.8 for explanation of HTTP 307 status code.

Upvotes: 13

cubbuk
cubbuk

Reputation: 7920

Use sendredirect without giving any parameters, and hide those parameters in a session-scoped servlet, and if you need those parameters in the redirected page, use them through this servlet.

Upvotes: 0

Suresh Atta
Suresh Atta

Reputation: 121998

Check out this once :

String url = "http://www.mysite/servlets/theServlet";
RequestDispatcher dispatcher = servletContext().getRequestDispatcher(url);
dispatcher.forward(request, response);

Upvotes: 0

JB Nizet
JB Nizet

Reputation: 691755

No, it's not possible. The only (dirty) workaround I see is to forward to an internal page containing a hidden form (with method POST) and a JavaScript script submitting this form.

Upvotes: 16

ThiefMaster
ThiefMaster

Reputation: 318518

No, a HTTP redirect will always use GET for the target page.

However, POST data are not much safer than GET data anyway. The user can still tamper with them. Store them in the session instead.

Upvotes: 0

Related Questions