4

Using Spring 4.2.9

Web-Flow: My web-flow has three pages page-1, page-2 and error-Page

Scenario: User clicks on a link in the email, my back-end code consumes the link and user lands on a page-1(the link in the address bar now is different than what the user clicked on), the user does the required stuff on page-1 and clicks continue button and lands on page-2.

What I need when the user is on page-2:

  1. User presses browser back button they should go to error-Page.
  2. The user had copied the link when they were on page-1 and open a new tab and paste the page-1 link, they should land on error-page.
Brandon Minnick
  • 13,342
  • 15
  • 65
  • 123
stargazer
  • 123
  • 1
  • 5
  • what is hourly rate? – Iłya Bursov Jan 18 '18 at 23:46
  • 2
    Can you point to the research you have done so far, and the code you have written so far, to make in an [on-topic question](https://stackoverflow.com/help/on-topic)? – tkruse Jan 19 '18 at 00:24
  • 1
    It looks like you want us to write some code for you. While many users are willing to produce code for a coder in distress, they usually only help when the poster has already tried to solve the problem on their own. A good way to demonstrate this effort is to include the code you've written so far, example input (if there is any), the expected output, and the output you actually get (console output, tracebacks, etc.). The more detail you provide, the more answers you are likely to receive. Check the [FAQ] and [ask]. – Clijsters Jan 19 '18 at 16:39

3 Answers3

0

  1. It's a quite common problem. A simple google search gave some possible solutions. Did you tried them? If yes, then update the question with more specifics on the issue. If not, here are a couple of links:

  2. You can achieve this by configuring a Spring MVC filter (or interceptor). There you can check if the request is GET and it contains the url that you want to block. If true, you can redirect that request to the error or access denied page.

Clijsters
  • 4,031
  • 1
  • 27
  • 37
Rahul
  • 637
  • 5
  • 16
0

To prevent the user from resetting values when going back with the browser back button you can put a variable in the conversationScope, variables in this scope are not reverted to their previous state when you use the back button. You can this way set a variable when they reach part 2 and check for it when you load part 1, but for this to work part 1 and part 2 need to be in the same flow.

To prevent the users from using a link again, if they are authenticated users you can save a flag in the database that say they have finished the flow and simply look at the database when loading part 1 and throw an exception if the user shouldn't have access. If they are unauthenticated users (like when doing surveys), give each users a token in the url (the token should be random enough that it cannot be brute forced easily) and store it in your database, when part 1 load check that the token is in the database and when your flow is done remove the token from the database.

If you can't do any of this, you can use cookies, just send a cookie to the user when they arrive on part 2, their browser will automatically send it on any new request so if you see it on part 1 you can throw an exception. But users will be able to delete their cookies to circumvent the protection.

Nyamiou The Galeanthrope
  • 1,178
  • 9
  • 23
0

Changing page-2 to end-state solved the problem. The solution was mentioned in "The Definitive Guide to Spring Web Flow". Thank you all for your help.

stargazer
  • 123
  • 1
  • 5