i have a controller redirect to a url I want that parameters should not be displayed as a query string

Question

i am using

sendRedirect("http://api.mVaayoo.com/mvaayooapi/MessageCompose?user=someuser@gmail.com:123456&senderID=TEST SMS&receipientno=0987654321&dcs=0&msgtxt="+ message + "&state=4")

to call mvaayoo api for sendind sms .But the parameters are displayed in address bar to the client . Is there a way to hide query string? I dont want to purchase SSL certificate.

are you using jsp or spring-mvc? – Braj Jul 25 '14 at 04:41 — Braj, Jul 25 '14 at 04:41

score 0 · Answer 1 · answered Jul 25 '14 at 04:47

0

The problem is not how you redirect, rather the problem is in the provider of the redirect URL you are trying to use:

http://api.mVaayoo.com/mvaayooapi/MessageCompose

No sensitive information should be used as a GET/query param.

answered Jul 25 '14 at 04:47

Juned Ahsan

67,789
12
98
136

score 0 · Answer 2 · edited Jun 20 '20 at 09:12

Is there a way to hide query string?

Pass additional data as redirect attributes instead of passing it as query parameters.

To carry data across a redirect use RedirectAttributes#addFlashAttribute(key, value).

What Java doc says:

A RedirectAttributes model is empty when the method is called and is never used unless the method returns a redirect view name or a RedirectView.

After the redirect, flash attributes are automatically added to the model of the controller that serves the target URL.

sendon1982 · Answer 3 · 2014-07-25T06:22:59.437

-1

You need to use URLConnection to achieve this:

HTTP GET:

URLConnection connection = new URL(url + "?" + query).openConnection();
connection.setRequestProperty("Accept-Charset", charset);
InputStream response = connection.getInputStream();

Target URL's doGet() method will be called and the parameters will be available by HttpServletRequest#getParameter().

HTTP POST:

URLConnection connection = new URL(url).openConnection();
connection.setDoOutput(true); // Triggers POST.
connection.setRequestProperty("Accept-Charset", charset);
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + charset);

try (OutputStream output = connection.getOutputStream()) {
    output.write(query.getBytes(charset));
}

InputStream response = connection.getInputStream();

Target URL's doGet() method will be called and the parameters will be available by HttpServletRequest#getParameter().

edited Jul 25 '14 at 06:22

answered Jul 25 '14 at 04:45

sendon1982

9,982
61
44

It is a redirect request? You will get nothing using this. – Juned Ahsan Jul 25 '14 at 04:49
Sorry, then you can put them in the session scope. – sendon1982 Jul 25 '14 at 05:02
not even in session, that will also not work. A redirect request is a completely fresh session and request. – Juned Ahsan Jul 25 '14 at 05:19
I see, the redirected URL is a different host, in a separated JVM. – sendon1982 Jul 25 '14 at 05:48

score -1 · Answer 4 · answered Jul 25 '14 at 04:47

-1

Take a look

    List<String> pathParam = null;
    if(null!=request.getPathInfo() && !request.getPathInfo().trim().isEmpty()){

        String paths[] = this.getPathInfo().replaceAll("\\/$|^\\/", "").split("/");
        pathParam = new ArrayList<>(Arrays.asList(paths));
     }

    // assume your servlet url  is "/login/*" 

   // called url in browser /login/param1/param2/param3

    String param1 = pathParam.get(0);
    String param2 = pathParam.get(1);
    String param3= pathParam.get(2);

answered Jul 25 '14 at 04:47

Vicky

603
5
6

What are you trying to answer?? – Juned Ahsan Jul 25 '14 at 04:48
you can pass your parameter as url path not as query String – Vicky Jul 25 '14 at 04:49
If you are redirecting third party url. It is not possible because all urls and parameters are controlled by that website – Vicky Jul 25 '14 at 04:53
The question is about how to hide sensitive info from query params or in URL. Your answer does not address that at all. – Juned Ahsan Jul 25 '14 at 05:20

i have a controller redirect to a url I want that parameters should not be displayed as a query string

4 Answers4