0

我有一个 java servlet,它重定向到不同服务器上的 web 应用程序。

我想知道是否有办法隐藏查询字符串参数,以便客户端在地址栏中看不到它们。

response.sendRedirect("http://www.mywebapp.com/login.html?parameter1=value1&parameter2=value2");

有没有办法强制 sendRedirect POST 到页面并隐藏查询字符串?

编辑:用例。

  • 用户访问http://www.mywebapp.com
  • 它们会自动重定向到我的 servlet 过滤器
  • servlet 使用 SAML 将 SSO 处理到身份提供程序
  • 一旦它收到 SAML 响应,我将现在经过身份验证的用户重定向回 mywebapp.com
  • 我想将一些参数传递回 webapp。SAML 响应中的参数。但我不希望用户在 URL 中看到它们

显然, sendRedirect() 不是我想要的。处理这个问题的最佳方法是什么?

4

4 回答 4

1

No, you can't use POST in this scenario. When calling sendRedirect() this is what you send back to the client:

HTTP/1.1 302 Found
Location: http://www.mywebapp.com/login.html?parameter1=value1&parameter2=value2

Browser interprets this and points user to that location.

Something tells me (maybe login.html name and two parameters) that you want to automatically login user on some web site). Don't go this way, sending username/password (both using GET parameters and inside POST) is really insecure.

Without knowing much about your use case it's probably the best solution to call http://www.mywebapp.com/login.html from your servlet, parse the response and return it to the user (so he will never really see mywebapp in his browser.

于 2012-12-05T18:59:05.313 回答
0

You could connect to the other server from your servlet (HttpConnection) and copy the returned data. The user will only see your server.

An alternative is returning an HTML page that does send a POST form automatically after loading. The user will need to allow JS.

于 2012-12-05T18:59:27.093 回答
0

您可以从服务器端转发请求,然后最后重定向到其他页面

于 2012-12-05T18:59:49.830 回答
0

我找到了一种从 Java 或 Android 项目中隐藏任何字符串的方法,它具有内部类的概念,使用 proguard 来隐藏它们一个类是我的服务器端处理

于 2020-02-25T21:09:36.867 回答