0

目标:隐藏页面 URL 中的键/值对。例如 - http://abc.xyz.com/nav/book?clientID=390&fundID=-1&navDate=-1

我不希望 clientID 等在 URL 中可见(出于安全原因)。我知道http是一个无状态协议。

我尝试过使用 HttpSession、Spring @SessionAttributes,目前正在使用 spring“会话”范围的 bean -

@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public class UserSession {

    private String clientID;
    private String fundID;
    private String navDate;

    public String getClientID() {
        return clientID;
    }
    public void setClientID(String clientID) {
        this.clientID = clientID;
    }
    public String getFundID() {
        return fundID;
    }
    public void setFundID(String fundID) {
        this.fundID = fundID;
    }
    public String getNavDate() {
        return navDate;
    }
    public void setNavDate(String navDate) {
        this.navDate = navDate;
    }
}

并在我的控制器中使用它-

@Controller
@SessionAttributes(value = {"client","fund","nav"})
public class HomeController {
    @Autowired
    private UserSession userSession;

    @RequestMapping(value = "abc", method = RequestMethod.GET)
    public ModelAndView navWorkbook(Model model, HttpServletRequest request, HttpServletResponse response,
            @RequestParam(required = false) String clientID,
            @RequestParam(required = false) String fundID,
            @RequestParam(required = false) String navDate) {
        ModelAndView modelAndView = new ModelAndView("abcd");
        .
        .
        .
        userSession.setClientID(clientID);
        userSession.setFundID(fundID);
        userSession.setNavDate(navDate);
        modelAndView.addObject("userSession", userSession);
        return modelAndView;
    }
}

有没有办法隐藏在 URL 中显示的 spring bean 的属性名称/值?

多谢你们

4

1 回答 1

0

在请求映射中,您必须使用RequestMethod.POST而不是RequestMethod.GET.

 @RequestMapping(value = "abc", method = RequestMethod.POST)
于 2013-09-25T15:31:38.077 回答