Validation of the request from a particular page

Question

I have an application in which I need to validate that the request to the present page has come from a particular page. I need to display the page from which the request is supposed to come if the request has not come from that page. What could be the possible approaches? I was thinking of a encrypted value which could be present in both the pages, if that values has been passed then it means that the request has come from the desired page. If the value is NULL, then it means it has not come from the desired page. Hence I need to display the desired page from where the user is expected to come.

I was just wondering if there could be better approaches than the one I have.

Answer 1

Put the page in /WEB-INF and use RequestDispatcher#forward() in the servlet and make use of POST instead of GET.

Placing in /WEB-INF prevents from direct access by URL. Have a link or a form in the first page which points to the url-pattern of the servlet. Using POST prevents users from directly calling the servlet.

Basic example of first.jsp:

<form action="servletUrlPattern" method="post">
    <input type="submit">
</form>

Basic example of Servlet:

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // You can eventually do here other form-related stuff, if any.

    // Now forward to second.jsp in WEB-INF.
    request.getRequestDispatcher("/WEB-INF/second.jsp").forward(request, response);
}