dcsimg
request variable - checking referer
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Noaman_Sayed
Posted On:   Wednesday, March 9, 2005 10:28 PM

Hi I'm checking for valid referers in my jsp page here is the code, in IE browser itself it works on majority of the computers and few it does not. I've been trying to find out why since a month now. I cannot out.write statements as it all works fine on the computers I try, the ones it does not i dont have access to read information. any help will be much appreciated Thanks -- verifyReferer.jsp -- <%! LinkedList allowedReferrers = new LinkedList(); String stripQueryString(String fullURL) { int questionIndex = fullURL.lastIndexOf("?"); questionIndex = (questi   More>>

Hi


I'm checking for valid referers in my jsp page



here is the code, in IE browser itself it works on majority of the computers and few it does not. I've been trying to find out why since a month now.



I cannot out.write statements as it all works fine on the computers I try, the ones it does not i dont have access to read information.



any help will be much appreciated


Thanks


-- verifyReferer.jsp --


<%!


LinkedList allowedReferrers = new LinkedList();

String stripQueryString(String fullURL) {

int questionIndex = fullURL.lastIndexOf("?");

questionIndex = (questionIndex == -1) ? fullURL.length() : questionIndex ;

return fullURL.substring(0, questionIndex);

}

void allowReferrer(String url) {

allowedReferrers.add(url);

}


boolean checkReferrer(HttpServletRequest request) {

Enumeration referrers = request.getHeaders("Referer");

while (referrers.hasMoreElements()) {

String referrer = stripQueryString( (String) referrers.nextElement() );

if(allowedReferrers.contains(referrer)) {

return true;

}

}

return false;

}

%> <%

String username = (String) session.getAttribute("username");

String me = stripQueryString( request.getRequestURL().toString() );



final String BASEURL = "http://"+request.getServerName()+"/smartercompany/";

final String SMARTERBASEURL = "http://"+request.getServerName()+"/clientLogin.jsp";



final String indexURL = BASEURL+"index.jsp";

final String measuringURL = BASEURL+"measuring.jsp";

final String managerURL = BASEURL+"manager.jsp";

final String confirmedURL = BASEURL+"confirmed.jsp";



if (me.equals(indexURL)) {

allowReferrer(SMARTERBASEURL);

allowReferrer(indexURL);

allowReferrer(measuringURL);

allowReferrer(managerURL);



allowReferrer(BASEURL+"validate.jsp"); //validate.jsp just redirects, just have it Just in case...



} else if (me.equals(measuringURL)) {//measuring

allowReferrer(indexURL);

} else if (me.equals(managerURL)) {//manager

allowReferrer(measuringURL);

} else if (me.equals(confirmedURL)) {//confirmed

allowReferrer(managerURL);

}



if (username!=null && checkReferrer(request)==true) {

// do nothing, they're good

} else {

/*

out.write("
You have been barred!");

out.write("username is: "+username+"
");

out.print("FROM: "+request.getHeader("referer"));

out.print(", TO: "+request.getRequestURL());

out.print("
");

out.print(me);

*/

%>



<%

}

%>






Thanks again

Noaman

   <<Less
About | Sitemap | Contact