Is it possible to hide/mask the urls in the java play framework. The problem I have come across is I want a user to be able to log in and view messages belonging to them but I do not want any old user to find theses messages by simply hacking the url.
What I have got is a Notifications controller which has a method called show(long id).
my route for this method is:
GET /Message/Show Notifications.show
i call the function using
@Notifications.show(':id')
the url for this function is:
http://localhost:9000/Message/Show?id=8
Is it possible to remove the parameter off the end of the url so people can not hack into certain urls by guessing parameters.
This is something that can be achieved with Interceptions.
http://www.playframework.org/documentation/1.2.3/controllers#interceptions
Inside these classes you can check if the current user is logged in (store in session)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With