I have a java servlet that is redirecting to a web application on a different server.
I was wondering if there is a way to hide the querystring parameters, so they are not visible to the client in the address bar.
response.sendRedirect("http://www.mywebapp.com/login.html?parameter1=value1¶meter2=value2");
Is there a way to force the sendRedirect to POST to the page and hide the querystring?
Edit: use case.
- A user goes to http://www.mywebapp.com
- They are automatically redirected to my servlet filter
- The servlet handles SSO to an Identity provider using SAML
- Once it recieves the SAML response back, I redirect the now authenticated user back to mywebapp.com
- I want to pass some parameters back to the webapp. Parameters from the SAML response. But I don’t want the user to see them in the URL
Clearly, sendRedirect() is not what I want. What would be the best way to handle this?
You could connect to the other server from your servlet (
HttpConnection) and copy the returned data. The user will only see your server.An alternative is returning an HTML page that does send a POST form automatically after loading. The user will need to allow JS.