0

I have a javascript function which opens a page using Servlet doGet method. Like IN Js:

var a  = "xxx?key=value";
window.open(a);

Here xxx is Mapped to AAA Servlet which extends Http Servlet and in that Servlet the logic is written in doGet method.

But the main issue is that since it is a get method, the entire parameter list (key and value pair which I send using the Java script) is visible in the URL. How can I change that to doPost to hide the data in the URL so that it is secure and no can see the data in URL.

Any other option is also welcome.

Thanks!

Soham
  • 218
  • 2
  • 6
  • 15
  • Or will it be a better idea to encrypt the key value in JS and decrypt them in the Servlet class keeping it as doGet ? – Soham Aug 25 '17 at 16:34
  • You seem confused regarding the semantics of GET vs POST requests. If you want to retrieve something, use GET requests, if you want to "POST" something (in another word, create a new resource) you use POST requests. Sending the query parameters in the request body does not make it any more secure, to encrypt your connection, use HTTPS – Trash Can Aug 25 '17 at 17:14

2 Answers2

0

When you open new tab or window you need to set the URL (with your get params). Now you have one option (use ajax):

  1. create a new page or view.
  2. open the new page with a simple <a target="_blank" href="url">.
  3. Use a javascript function to make a async request (ajax) to the servlet.
  4. Populate the view with results.

Having a servlet like this:

@WebServlet("/SampleServlet")
public class SampleServlet extends HttpServlet {

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String parameter1 = request.getParameter("param1");
        String parameter2 = request.getParameter("param2");

        //Process request, build response
        //You can return your prefered data type (html, xml...)     

        String jsonResponse = new Gson().toJson(new MyResponseObject(parameter1, parameter2));

        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write(jsonResponse);
    }
}

And the "new view" (include JQuery lib):

<html>
<head>
    ...
    <script>
    $(document).ready(function (){
        $.ajax({
            url: '/SampleServlet',              
            type: "post",          
            data: {
               param1: "param1Value",
               param2: "param2Value",
            },
            dataType: 'json', //or html, xml...      
            success: function(data) {            
               //populate page body with servlet response (json, html, etc)                 
            }
        });
    });      
    </script>
</head>
<body>
    <!-- page content here -->
</body>
</html>
C.P.O
  • 1,213
  • 2
  • 11
  • 29
0

Wrap the following javascript with an event of some sort(click,function etc..):

var param = {
    key: "value"
};

$.post("someservlet", $.param(param), function(response) {
    // ...response is here if needed 
});

And in the servlet you just get the value like normal,

 String key = request.getParameter("key");

How to use Servlets and Ajax?

Jonathan Laliberte
  • 2,672
  • 4
  • 19
  • 44