Feature – query-parameter masking

Splash Forums Rewrite Users Feature – query-parameter masking

Tagged: , ,

This topic contains 1 reply, has 2 voices, and was last updated by  Christian Kaltepoth 3 years ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #26382


    karlkilden created a feature request at omnifaces and i forwarded this to OCPsoft.

    For some applications it is necessary to hide view-parameters by masking them to keep url private.
    This is some kind of rewriting and would be a great feature.


    index.xhtml?foo=hello&bar=world <-> private/52342lkasdla234123asd


    • SAAS – DropBox, shared calendar…
    • User activation URI masking private details, would remove the need to save activation-keys in database.


    • Provide different encoding algorithms to choose or allow custom ones.
    • Allow global salt parameter for security.

    What do you think?

    • This topic was modified 3 years ago by  djmj.
    • This topic was modified 3 years ago by  djmj.
    • This topic was modified 3 years ago by  djmj.

    This is definitely possible with Rewrite. You just have to create a rule that performs the transformation. You could for example create random strings and maintain a mapping which resolves the real URL from the random string.

    However, I don’t think that it makes sense to include a concrete rule in Rewrite as many of the details depend on the specific usecase.

    If you want to create such a rule yourself, do something like this:

    .when( Direction.isInbound().and( Path.matches( "/private/{token}" ) ) )
    .perform( new HttpOperation() {
      public void performHttp( HttpServletRewrite event, EvaluationContext context ) {
        String realUrl = ...;
        Forward.to( realUrl ).perform( event, context );
    } )


Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.