Prevent user to go back, but filter is not working

Question

I have a payment form. When user submit the form the payment process runs successfully, but clicking the back button brings user to same form. I want to expire the form after successful submission, to prevent user from multiple payment (in case user goes back and submit form). Following Prevent user from going back tutorial, I added the filter but it's not working for me. What am I doing wrong? Here is what I added for filtering.

<filter>
    <filter-name>paymentFilter</filter-name>
    <filter-class>path to PaymentFilter class</filter-class>
</filter>
<filter-mapping>
    <filter-name>paymentFilter</filter-name>
    <url-pattern>/order/*/payment</url-pattern>
</filter-mapping>

and my filter class is

public class PaymentFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // TODO Auto-generated method stub          
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        httpServletResponse.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        httpServletResponse.setDateHeader("Expires", 0); // Proxies.
        System.out.println("In filter");            
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub          
    }

}

I have added a System.out.println("In filter") but I can't see its output ("In filter") on console after running the page.

When I use the URL pattern as /* the System.out prints on console,

<url-pattern>/*</url-pattern> (it works as expected)

but when I change the URL pattern to /order/*/payment (* is order id what changes for each order). then System.out does not print anything on console.

<url-pattern>/order/*/payment</url-pattern> (it doesn't work)

I am using spring mvc, apache, tomcat7.0

---/order/161778/payment is a sample url i copied from address bar. — Shahzeb Khan, Nov 24 '12 at 18:30
What's wrong if the user need to submit payment in batch by several small parts? — Roman C, Nov 24 '12 at 19:31

score 2 · Answer 1 · answered Dec 11 '12 at 17:20

2

As yourself already found, * can only be a prefix or a suffix of the url-pattern. The reasoning for this is that a lot of ambiguity would arise if it was defined otherwise.

Further, if you submit your form with GET, the user always can go to the resulting screen by hitting the back button. If you use POST, the browser will say that this may not be possible.

answered Dec 11 '12 at 17:20

Victor Stafusa - BozoNaCadeia

13,995
13
56
72

Thanks for response, i am submitting form using post. – Shahzeb Khan Dec 12 '12 at 05:45

score 2 · Answer 2 · answered Dec 11 '12 at 18:20

2

I have an alternate solution to your problem. You can try javascript or jquery to disable the back or forward button.

answered Dec 11 '12 at 18:20

Sayan

145
2
15

thanks for your response, initially i was using javascript but that didn't meet the requirements. – Shahzeb Khan Dec 12 '12 at 05:44

score 1 · Answer 3 · answered Nov 24 '12 at 18:45

1

try by adding

chain.doFilter(request, response);

as your last line in doFilter method.

answered Nov 24 '12 at 18:45

someone

6,577
7
37
60

thankx for response, i added the line but not worked. As you can see i haved added a system.out but even it does not print on console, – Shahzeb Khan Nov 24 '12 at 18:49
i have just one filter for the time being. – Shahzeb Khan Nov 25 '12 at 15:47
1

Can you just set url patren as /* and see to identify the root cause. – someone Nov 25 '12 at 15:56
thanks for suggestion, now i just changed the url mapping and the "In filter (system.out's result) appear on console, but i can still navigate to back, what i am expecting that after adding this filter i shouldn't be able to go back, what is wrong with my code? – Shahzeb Khan Nov 25 '12 at 17:15
Ok it seems no issue with your filter implementation. Now do this and see *.jsp – someone Nov 25 '12 at 17:31
thanks for response, actually i am using velocity template(documents named *.vm), should i still use *.jsp? – Shahzeb Khan Nov 25 '12 at 17:35
No, use *.vm in your case. – Victor Stafusa - BozoNaCadeia Dec 13 '12 at 00:25

score 1 · Accepted Answer · answered Dec 05 '12 at 07:38

1

What gave me the solution to my problem is that i "can not" user regular expression in my url-patter for filter mapping. * can only be use as suffix or prefix.

answered Dec 05 '12 at 07:38

Shahzeb Khan

3,582
8
45
79

Prevent user to go back, but filter is not working

4 Answers4