Hidden Fields in Java Servlets - help!!!

D

Dan

Okay -

Pardon if this is a newbie question... but this has been driving me
nuts.

I am trying to pass a simple hidden field from one servlet to another
servlet... .this is to prevent the second page from being displayed
directly - you have to go through the first page to get to the second
page.

I am using IBM Websphere Studio Application Developer Ver 5.1.2.

Below is my script for my first servlet (the one that you first go to)

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.println("<html>" +
"<head><title>DirectIt1Servlet.java</title></head>" +
"<body>" +

"<form action=\"/MyWebApp/DirectIt1Servlet2\" method=\"get\"`>" +
"<input type=\"hidden\" name=\"sw\" value=\"y\">" +
"</form>" +

said:
below:<br />" +
"<br />" +
"<a href=\'http://localhost:9080/MyWebApp/DirectIt1Servlet2'>Link" +
"</a>" +
"</body></html>");
}
public void init() throws ServletException
{
super.init();
}

Below is the script to the second servlet (the one that is looking for
that parameter)

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
if(req.getParameter("sw")==null)
{
resp.sendRedirect("http://localhost:9080/MyWebApp/
DirectIt1Servlet");
}
else
{
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.println("<html>" +
"<head><title>DirectIt1Servlet2.java</title></head>" +
"<body>" +
"<p>Congrats! You made it<br />" +
"</body></html>");
}
}

What the hell am I doing wrong? It keeps reading in sw as null, no
matter what I type.
 
H

Hosam Aly

Okay -

Pardon if this is a newbie question... but this has been driving me
nuts.

I am trying to pass a simple hidden field from one servlet to another
servlet... .this is to prevent the second page from being displayed
directly - you have to go through the first page to get to the second
page.

I am using IBM Websphere Studio Application Developer Ver 5.1.2.

Below is my script for my first servlet (the one that you first go to)

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.println("<html>" +
"<head><title>DirectIt1Servlet.java</title></head>" +
"<body>" +

"<form action=\"/MyWebApp/DirectIt1Servlet2\" method=\"get\"`>" +
"<input type=\"hidden\" name=\"sw\" value=\"y\">" +
"</form>" +

"<p>" + "Below is a button link to the correct page that you want.
You cannot get there any other way besides clicking on the link <br />below:<br />" +

"<br />" +
"<a href=\'http://localhost:9080/MyWebApp/DirectIt1Servlet2'>Link" +
"</a>" +
"</body></html>");
}
public void init() throws ServletException
{
super.init();
}

Below is the script to the second servlet (the one that is looking for
that parameter)

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
if(req.getParameter("sw")==null)
{
resp.sendRedirect("http://localhost:9080/MyWebApp/
DirectIt1Servlet");
}
else
{
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.println("<html>" +
"<head><title>DirectIt1Servlet2.java</title></head>" +
"<body>" +
"<p>Congrats! You made it<br />" +
"</body></html>");
}
}

What the hell am I doing wrong? It keeps reading in sw as null, no
matter what I type.

You're problem looks simple. When your user clicks the hyperlink you
provide in the first page, the user is simply navigating to your
second servlet. The browser wouldn't send a parameter for such a
simple navigation unless it is already in the URL (i.e. "GET"
parameter).

You need to change your code to "submit" the form. For example, don't
provide the users with a direct URL, but instead provide them with a
button that they can click to take them to the next page, and make the
button of type "submit" (and put it inside the form).

However, if you are concerned about security, I suggest you look for
other ways to do it, because anyone can simply view the source of your
page and find out the parameter you are sending.
 
K

kcwong

<snip>

This is what your first servlet outputs:

<html>
<head><title>DirectIt1Servlet.java</title></head>
<body>
<form action="/MyWebApp/DirectIt1Servlet2" method="get">
<input type="hidden" name="sw" value="y">
</form>
<a href="http://localhost:9080/MyWebApp/DirectIt1Servlet2">Link </a>
</body>
</html>

The HTML form needs to be fired by JavaScript or an <INPUT> control.
You only have a simple link in there, conveniently skipping the form
altogether.

You *could* add JavaScript to have the link submit the form, yes...
but this would be the wrong way to control access.

Access your first servlet in browser. Right click and click View Page
Source... and there! You "secret" hidden field is plain for all to
see.

What's stopping your users to make a new HTML page on their own,
including a link to your servlet and together with the hidden field?

Visit Sun.com and read the J2EE tutorials.
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/
 
M

Manivannan Palanichamy

Okay -

Pardon if this is a newbie question... but this has been driving me
nuts.

I am trying to pass a simple hidden field from one servlet to another
servlet... .this is to prevent the second page from being displayed
directly - you have to go through the first page to get to the second
page.

I am using IBM Websphere Studio Application Developer Ver 5.1.2.

Below is my script for my first servlet (the one that you first go to)

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.println("<html>" +
"<head><title>DirectIt1Servlet.java</title></head>" +
"<body>" +

"<form action=\"/MyWebApp/DirectIt1Servlet2\" method=\"get\"`>" +
"<input type=\"hidden\" name=\"sw\" value=\"y\">" +
"</form>" +

"<p>" + "Below is a button link to the correct page that you want.
You cannot get there any other way besides clicking on the link <br />below:<br />" +

"<br />" +
"<a href=\'http://localhost:9080/MyWebApp/DirectIt1Servlet2'>Link" +
"</a>" +
"</body></html>");
}
public void init() throws ServletException
{
super.init();
}

Below is the script to the second servlet (the one that is looking for
that parameter)

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
if(req.getParameter("sw")==null)
{
resp.sendRedirect("http://localhost:9080/MyWebApp/
DirectIt1Servlet");
}
else
{
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.println("<html>" +
"<head><title>DirectIt1Servlet2.java</title></head>" +
"<body>" +
"<p>Congrats! You made it<br />" +
"</body></html>");
}
}

What the hell am I doing wrong? It keeps reading in sw as null, no
matter what I type.

Actually, Servler/JSP request doest not differentiate between a
'visible' or 'hidden' form field. You should be able get it in your
servlet's request object.

Looking at your html form code,

said:
"<input type=\"hidden\" name=\"sw\" value=\"y\">" +
"</form>"

I am guessing you are doing some wrong Form posting. Add a submit
button, and try changing the posting type from 'get' to 'post'.
Ensure, form's submit destination is perfect.

One more suggestion for you, do not program in this way. Session
should be used to track this page1 visit condition.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,479
Members
44,900
Latest member
Nell636132

Latest Threads

Top