Reputation: 617
Hide parameters in the url, using Java Play Framework
Is it possible to hide url parameters in Java Play Framework 2.x? I found a simular question but he wanted to hide them to stop url hacking. So he got other answers/solutions than hide the url.
The thing is that I have some "info objects", that has an ID that I need to pass to several actions, jquery and so on, so I need to have it in the url. But I don't want any user to see the ID's.
For example I have this conf:
GET /deliverablegraph controllers.Application.deliverable_graph(id:Long,contextId:Long)
That is showed like ../deliverablegraph?id=xxxx&contextId=yyyy
I only want to show ../deliverablegraph, but need access to the id and contextId.
Upvotes: 0
Views: 1603
Answers (1)
Reputation: 3381
I had a similar problem about hiding parameters in the URL and I hope my solution helps you in a way. The only difference is that I didn't want to pass through extremely long URL parameters because I needed to pass through JSON data. Unlike your issue where you don't want to pass through secret information.
So I did what estmatic said in his comment about placing the information in a hidden form field:
<form class='someDynamicForm' method='post' action='@routes.Application.function()'>
<textarea name="jsonHolder" style="display: none">
"Used javascript to insert the data I want in here"
</textarea>
</form>
For more flexibility you don't have to use a button to submit. Whenever you're ready to submit the form you can always call the javascript code document.someDynamicForm.submit();
Now at the controller end, you can retrieve the information in the textarea by doing:
public static Result function() {
DynamicForm dynamicForm = DynamicForm.form().bindFromRequest();
String jsonData = dynamicForm.get("jsonHolder");
return;
}
And then in your routes file make sure to speficy:
POST /json controllers.Application.function()
The downside here is that you want your IDs to be a secret. All the "hacker" has to do then is do a right-click -> view page source and they can see the information in the hidden textfield.
Another solution that I have done to pass along information throughout the web session is use Play's built in Session http://www.playframework.com/documentation/2.1.x/JavaSessionFlash
Have you looked into using something like that? Since it seems like you'll be using the user's ID a lot, saving their ID information in the Session (which ultimately is exposed in their cookies) might be something to look into.
Upvotes: 2
Related Questions
- Optional parameter with url rewriting in play 2.4
- URL Parameter and routing configuration
- how to pass parameters in url without showing in url in playframework
- How to route map-like parameters in GET request with Play
- Ignoring parameters in routes
- Play 2.2 optional url parameters not working
- Play Framework - Variables in URL instead of as ? parameters
- Passing dynamic value to the routes URI
- Pass parameter value in routes?
- Java Play Framework Hidden Url Routes