Redirect or forward in web application

Question

Hi All

I have a requirement like, from some web page on some event user will redirect to MyApp's login page with some parameter. I want to test MyApp is able to get that parameter or not. To test that i made another app in which i am using (code is below ). But this is showing parameter in url which i don't want. I also want to know what other ways are there to redirect/forward to some another url with parameter ( parameter should be hidden hiddn ).

<% response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); response.setHeader("Location","http://localhost:8080/MyApp/login/login.jsf?user_id=inc&reference_id=123456789"); %>

THANKS

Answer 1

It's not possible to do POST redirects, so you can't just redirect with a POST from your scriptlet.

What you can do is:

• Build an HTML form in POST with the parameters that you want to pass, but remember, the POST perceived security is brittle, since with a tool like firebug anyone can see those variables (or they can just look at the html source).

• A way around the problem is use encryption or one time passwords (that last for a session). I used this way, to connect seamlessly a Java application with PHP. If you're interested I could look it up and share the details of that solution.

Answer 2

First of all, do not use scriptlets. If you dont want to see the parameter in the URL, don't send it with the URL. You can do a POST submit or pass it as a hidden variable from your page.