I have looked through many sites but I have yet to find the answer to this question:
I have a login page and after the user logs in I want to redirect to a completely different URL. But while redirecting it I want to pass the username with the http request. So for example:
request.setHeader(“test”,“testing.request) and then from the server side they can retrieve the header by request.getHeader(“test”).
I assume that with "redirect" you mean doing response.sendRedirect(newURL);. That means, that your login servlet, after a successful login, tells the browser, that it should send new request. The new request uses GET method, so the only way to add parameters is to add them directly to the new URL, e.g. response.sendRedirect("http://your.server/new/location?username=johndoe");.
If you want to use and modify the original request, I would suggest you to read http://www.javapractices.com/topic/TopicAction.do?Id=181 (Forward versus redirect).
Related
I have configured an OpenID Connection application on OneLogin (not sure the provider matters) with a configured post MFA authentication redirect uri of
http://localhost:4200/LoginResponse.aspx?
The code behind my LoginResponse.aspx page grabs the returned id_token and processes it.
The issue is that after my initial redirect to the MFA login and successful login/MFA validation, the redirect is coming to
http://localhost:4200/LoginResponse.aspx#id_token=12345678987...........
Note the "#" symbol after my .aspx extension. This is corrupting the parameter string that is returned and not allowing me to grab the value of id_token from the Response.
After the redirect comes back, if I simply manually replace the "#" with a "?" and hit enter, my LoginResponse.aspx page loads fine and finds the id_token and processes it with my business logic.
My question is, how can I get the redirect to actually return to "LoginResponse.aspx?" so that I can grab the parameters.
On my OpenID Application I have tried the following options as Redirect URIs
LoginResponse
LoginResponse.aspx
LoginResponse.aspx?
LoginResponse.aspx?action=test
Did that last one to see if I could get around the ? not being there. But that just redirected the page to "LoginResponse.aspx?action=test#id_token=..............." So again, I could not grab the "id_token" variable out of the URL Response/QueryString.
I just cannot figure out how to get rid of this unwanted "#" sign and have a "?" after my .aspx extension.
Any help would be greatly appreciated!
I assume you are using the implicit flow to retrieve the tokens and in this flow you can either get back the tokens in the URL with the #. The # is added to make sure the tokens are not sent back to the server, instead they just stay in the browser. If it was a #, then the secret tokens would be sent back to the server and end up in various logs and creating various security issues.
I don't know how you implemented the client, but in OpenID Connect, if you add this parameter "&response_mode=form_post" to the initial authorization request, then you will get back the token using a POST request instead. just like this picture shows:
PS, I doubt you can get back the tokens using a ? instead of #.
I'm developing a Scraping app to extract some information from a sit. To get that information I have to be logged in to that site.
So I use Http post and pass the data needed for login using FormData and log in successfully, so I can browse the private content of that site.
My question Is: "How can I tell if the user is logged in?". What is the simple way to do that using session cookies or something like that?
I'm currently checking the connection by sending an Http Get Request to a Url that I know is available to registered users.
So before I try to login again, I use this method "isLoggedIn" to check the connection. But it is not perfect, I mean, it seems a kind o tricky and not the best way to do that.
Currently, I'm using Dio - a Lib to make Http Request in Dart. But I think it's a general Http matter.
Just to register...
I solve that after checking the difference between a 'logged' and a 'not logged in' response. In my specify case, when I did a get request to the login page, it answers with a response that has a 'CUSTOMER_AUTH' cookie setted with a random String, otherwise, this cookie is not present.
So I just check if this cookie is present and if it has a valid value.
How to Hide query String URL in Spring MVC
We are using third party URL, when we hit the URL it open a PDF, we want to hide some parameters in query string URL. In the URL there pass invoice number and Date both parameter we want to hide, when we hit URL in any ways.
If we cannot hide the using query string while using URL tag? What is the alternative for the above scenario.
URL: http://abcxyz/GetDocument?DocumentClass=INV&invno=098765546&invdt=11/01/2016
You may be able to use a POST request rather than a GET, that way the parameters do not appear in the url, but this will depend on whether the third party will support a POST request.
A GET request will always show the params in the url. If you leave out the parameters, the request probably can't be completed properly.
A user would still be able to see what was sent even if using a POST request or javascript to fetch the document. Their browser's development tools will show the requests and the parameters. This makes sense since it's their browser that is making the request and you can't stop them from checking what data they are sending out or receiving.
One way I can think of is to have your server request the page from the third party and serve that to the user's browser. That way your user will be requesting the data from your server and doesn't need to know about the third party at all, you will have control over the url that serves the pdf.
One caveat I would add is that you might want to check the third party's terms of service to see if this would violate them.
May be this is an awkward question due to my lack of knowledge and I don't know which topic I should search to know about this, but I kind of hope/wish there was a solution.
What I mean is there any way I could send http requests to multiple domains ?
For eg: If I send an http request for a page www.facebook.com/stackoverflow.
I want a simple info that this link is clicked by someone by sending a message to my domain also.The URL can be changed to anything with primary URL still as main source.
What I mean plainly is
www.facebook.com/stackoverflow+{additional code to some way a request to my website also }
When you send a request for http://www.facebook.com/stackoverflow, it requires making a TCP connection to www.facebook.com's server and then sending an HTTP request for the /stackoverflow resource on that server. You can't make Facebook forward the same request to another server.
If you want the link to request your domain, you have to declare your domain as the target of the link. You can specify another URL as an extra parameter, so your domain can use an HTTP redirect to forward the client to that URL when ready. For instance, search engines do this all the time to track the links that users click on in search results.
For example:
http://www.example.com/doSomething?goto=http%3A%2F%2Fwww.facebook.com%2Fstackoverflow
The client would connect to the www.example.com server and send a request for /doSomething?goto=http%3A%2F%2Fwww.facebook.com%2Fstackoverflow. A script located at /doSomething can do whatever it needs to do, and then redirect the client to the URL in the goto parameter (http://www.facebook.com/stackoverflow).
Is there a way to know if the request has been redirected or forwarded in the doGet method of a Servlet?
In my application, when a user (whose session has timed out) clicks on a file download link, they're shown the login page, which is good. When they login, they are immediately sent the file they requested, without updating the page they see, which is bad. Basically, they get stuck on the login screen (a refresh is required).
What I want to do is interrupt this and simply redirect to the page with the link, when a file is requested as a result of a redirect.
Perhaps there are better ways to solve this?
The redirect happens client-side. The browser is instructed by the previous request to send a new request, so to the server it does not make a difference. The Referer header might contain some useful information, but it's not certain.
When redirecting you can append some parameter, like ?targetPage=dowloadpage and then check if the parameter exists. You may have to put this in a hidden field on the login page if you want it to be transferred through multiple pages.
If you're using container managed authentication, then I don't believe you can detect this since the server will only involve your resource once authentication has been completed successfully.
If you're managing authentication differently, please explain.