Hide the url in a Grails application

2
votes

Is there a way to hide the url in the address bar with Grails application. Now users of the web application can see and change the request parameter values from the address bar and they see the record id in the show page.

Is there a way in Javascript or Groovy (URL Mapping) or Grails (.gsp) or HTML or Tomcat (server.xml or conf.xml or in web.xml inside application in the webapps)

ex(http://www.example.com/hide/show /) i want to avoid this url and always see (http://www.example.com) or (http://www.example.com/hide/show) without the record id

Is there a way to prevent this?

4
javascripthtmltomcatgrailsgroovy

4 Answers

1
votes

No, most browsers doesn't let you hide the address field, even if you open a new window using window.open. This is a security feature, so that one site can't easily pretend to be another.

Your application should have security checks so that one user can't access data that only another user should see. Just hiding the URL would not be safe anyway, you can easily get around that using tools built into the browser, or readily available addons.

0
votes

It's part of the restful URL pattern implemented by grails.

Your best bet to hide the URL would be using an iframe within the page you want the user to see in their address bar.

0
votes

Not quite sure what you mean, but I would change the default root URL mapping in UrlMappings.groovy so it looks a bit like this:

    static mappings = {

    "/$controller/$action?/$id?"{
        constraints {
            // apply constraints here
        }
    }
    //Change it here!!!!
    "/"(controller: 'controllerName', action: 'actionName')

Where 'actionName' and 'controllerName' are what you want them to be - 'hide', 'show' in your example?

Than pass all parameters via a post instead of a get, just change the <g:form> method.

You will still obviously need to implement any security checking required in the controller as stated by other posters.

Thanks,

Jim.

0
votes

You can probably handle this using a variation of Post/Redirect/Get:

http://en.wikipedia.org/wiki/Post/Redirect/Get

At our Grails site we have a lot of search fields. When a user clicked a pagination link all those search fields ended up in the URL which created ugly URL:s with a higher risk that users bookmarked those addresses which could mean future problems.

We solved this by saving not only all POST but also GET with parameters into the session, redirect to GET without parameters and append those again in the controller. This not only creates nice URL:s but also a memory so that if a user goes back to an earlier menu, then selected details within that menu are redisplayed.

For your specific request to hide the id in "show/42" you can probably handle that likewise or possibly configure Grails to use "show?id=42" instead, but we don't have that requirement so I haven't looked further into that issue. Good luck!

Forgot to mention: this won't add much to security since links will still contain ids, it will only clean up the address bar.

Here's some sample code that should work. If show?id=42 is called, it saves id=42 in the session, then redirects to just show and id=42 is added to params before further processing. It does what you want, but as commented it might not always be a wise thing to do.

def show = {
  if (request.method == 'GET' && !request.queryString) {
    if (session[controllerName]) {
      params.putAll(session[controllerName])
      // Add the typical code for show here...
     }
  } else {
    session[controllerName] = extractParams(params)
    redirect(action: 'show')
    return
  }