code to hide the url using servlet filter

You cannot totally hide the URL, because the browser must have some URL to be viewing. However, you can use a servlet filter that alters the contents of the URL so the user sees something different in their address bar than what page is served to them. But why are you concerned if a user sees the URL? How else are they going to interact with your web application?

~ mellamokb

You cannot totally hide the URL, because the browser must have some URL to be viewing. However, you can use a servlet filter that alters the contents of the URL so the user sees something different in their address bar than what page is served to them. But why are you concerned if a user sees the URL? How else are they going to interact with your web application?

~ mellamokb

Thank u for the reply.............can u say how to alert the URL contents using the servlet filter....my PL told me that someone do hacking if they are able to see the URL......ok.........
Thank uuuuuuuuuuuuu............................

Hi,

The problem with a servlet filter (as a Url rewriter) is that you are not changing what Url the user sees, but you are changing how the Url is processed. If you want to change what the user sees, you need to change where you link to in the first place. There are a few common methods of hiding information, i.e., passing it from page to page without involving the Url, that you should look into.

1) Using session-based storage.

session.setAttribute("name", value);
String exforsys = (String) session.getAttribute("name");

( http://www.exforsys.com/tutorials/jsp/jsp-implicit-and-session-objects.html )

2) Using a server-side post.

try
{
    String stuff = null;
    String pagecontent = "";
    String parameters = "&message=hello+world&";
    java.net.URL url = new java.net.URL([url]http://www.yourhost.com/page.cfm);[/url]
    java.net.HttpURLConnection conn = (java.net.HttpURLConnection)url.openConnection();
    conn.setRequestMethod("POST");
    conn.setRequestProperty("Content-Length", "" + Integer.toString(parameters.getBytes().length));
    conn.setRequestProperty("Content-Language", "en-US"); 
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    conn.setDoInput(true); 
    conn.setDoOutput(true); 
    conn.setUseCaches(false); 
    conn.setAllowUserInteraction(true);
    java.io.DataOutputStream printout = new java.io.DataOutputStream (conn.getOutputStream ());
    printout.writeBytes (parameters);
    printout.flush ();
    printout.close ();
    java.io.BufferedReader in = new java.io.BufferedReader(new java.io.InputStreamReader(conn.getInputStream())); 
    while ((stuff = in.readLine()) != null)
    {
         pagecontent += stuff; 
    }
    in.close(); 

    %>success! <%
}
catch (Exception e) 
{
    %>error!<%
}
%>

( http://www.schwabe.net/blog/1/2007/01/Server-side-HTTP-Post-using-JSP.cfm )

For instance, if you have page abc.jsp, and the page needs to submit a username and password to def.jsp, you should use a POST rather than a GET.

For another example, if you want to display information about the user that is currently logged in, but users can only view their own information, you would not want to have a Url like ViewUser.jsp?userId=133, because a savvy user could just change the Url to ViewUser.asp?userId=134, and view another profile. In this situation, you would just need to make sure for every page that you identify whether or not the person viewing the page should indeed have access before you serve the page. I've never used a servlet filter, but I assume it could be used for this purpose, i.e., take a request in the filter and authenticate it, or check if the currently logged user should have access to this page. If not, send the user to login.jsp, or send them to a page that tells them they accessed the page in error.

I had assumed that you wanted to use a servlet filter as a Url rewriter, but that would serve you no good in these examples, simply because, as I said before, you can just change the request Url, not what actually gets processed. You should look into using Session variables, server-side posts, and/or authenticating all pages before serving them. If you want more detailed information about servlet filters, you are on your own because I have never used them before.

Hope this helps.

mellamokb

thank for u r reply..........it is more useful for me...............thank u once again.........

> my PL told me that someone do hacking if they are able to see the URL

Then your PL doesn't know what he is talking about. You don't achieve security by *hiding* URL's but by having a robust security framework in place for your application. Java, of all the languages out there has excellent security support. A little bit of research should get your started in the right direction.

hi!
In my project ,the url should not be shown to the user.I want to hide it using servlet filter.
Can anyone help me ,how to achieve this task...........thank u......

Put before it

hi i want send an url to the blackberry mobile..,the user should not understand the url from which server he is downloading..,Is it possible?If yes How?

hi i want send an url to the blackberry mobile..,the user should not understand the url from which server he is downloading..,Is it possible?If yes How?

You can try to hide the URL for a casual user by using a URL shortening service like http://goo.gl/ . If you can't use public services, you can create a simple servlet which mimics these shortening services. This would result in the user not having the original URL but the miniature version which redirects to the original one.

If your end goal is to *completely* hide all the details, you can again set up a servlet which takes the real path of a resource and streams it to the client. For e.g. this servlet would be responsible for mapping http://yoursite.net/img/x3434 to a "sad-smiley.jpg" etc.

If you can extrapolate on the kind of "hiding" you are looking for, maybe I can suggest more solutions.