Feature – query-parameter masking

Splash Forums Rewrite Users Feature – query-parameter masking

Tagged: , ,

This topic contains 1 reply, has 2 voices, and was last updated by  Christian Kaltepoth 1 year, 10 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #26382

    djmj
    Participant

    karlkilden created a feature request at omnifaces and i forwarded this to OCPsoft.

    For some applications it is necessary to hide view-parameters by masking them to keep url private.
    This is some kind of rewriting and would be a great feature.

    Example:

    index.xhtml?foo=hello&bar=world <-> private/52342lkasdla234123asd

    Applications:

    • SAAS – DropBox, shared calendar…
    • User activation URI masking private details, would remove the need to save activation-keys in database.

    Ideas:

    • Provide different encoding algorithms to choose or allow custom ones.
    • Allow global salt parameter for security.

    What do you think?

    • This topic was modified 1 year, 11 months ago by  djmj.
    • This topic was modified 1 year, 11 months ago by  djmj.
    • This topic was modified 1 year, 11 months ago by  djmj.
    #26397

    This is definitely possible with Rewrite. You just have to create a rule that performs the transformation. You could for example create random strings and maintain a mapping which resolves the real URL from the random string.

    However, I don’t think that it makes sense to include a concrete rule in Rewrite as many of the details depend on the specific usecase.

    If you want to create such a rule yourself, do something like this:

    .addRule()
    .when( Direction.isInbound().and( Path.matches( "/private/{token}" ) ) )
    .perform( new HttpOperation() {
      @Override
      public void performHttp( HttpServletRewrite event, EvaluationContext context ) {
        
        String realUrl = ...;
        
        Forward.to( realUrl ).perform( event, context );
        
      }
    } )
    

    I

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.