multipartFile request from a redirect - grails

Is it possible to run a request command on a set of multipartFile objects for a set of selected files that has been passed to an second action from an initial action that received them from an type file input html tag.
I can access the multipartfile object as a string in the redirected (second) action -
Such as:
form:org.springframework.web.multipart.commons.CommonsMultipartFile#35d79259
But I am unable to run a request command such as request.getFiles - also I cannot cast it as a MultipartFile.
The redirect to intentional - let me explain what I'm trying to do in more detail:
I have a file upload web page with an input form that sends the selected files (multpartFile objects) to the action. Prior to uploading the files from the client I want the user to have a web page where he adds extra data to each file prior to uploading (metadata tags). To do this I was going to redirect to another action that displays a web page with the list of the files (having transferred the params data that contain the files selected from the original web page to the redirected action) and input fields for the user to add tags. In short the redirect is intentional.
I guess the correct way to do this is using js on the original web page - just wanted to see if I could do it this way instead?
-mike

In general redirects use GET, so there's nowhere for the form body and uploaded file(s) to go. POST/UPDATE/DELETE actions make changes, and a redirect is typically an indication that something went wrong, e.g. something mild like a url changed (301/302), or something more serious like an authenticated user trying to access a page they have no permission for, or an unauthenticated user trying to access anything guarded (401/403).
You wouldn't want to pick up where you left off from a lot of scenarios that trigger a redirect (and it wouldn't be practical at all) so it's common to not attempt to do anything with form or file upload data and let the user re-do the action.

Related

Prevent browser from caching link destination

I have an ASP.MVC application. There are some sites in the application which are accesible only with certain user permissions. If user doesn't have required permissions I am redirecting to another controller and displaying page with Not authorized message.
When user without permission tries to visit restricted page using a link, browser caches destination. So always after clicking this link user will be redirected to Not Authorized page, even if permissions are granted. Browser skips directly to cached destination.
I have disabled caching on server side but, this doesn't seem to work in this case, any ideas how I can prevent browser from remembering links destination?
Thanks in advance,
Konrad
There's no logical reason for such a behavior to occur. First, check to make sure that the user is authorized like you think they are and that your redirect code is functioning properly (such that it only redirects if indeed the user is unauthorized). Short of that, make sure you're using a temporary redirect, and not redirect permanent. Although the browser shouldn't decide to just cache the resulting page indefinitely either way, it would perhaps have more cause to think it could if you're sending a permanent redirect.
Without seeing your code I'm not entirely sure there isn't something else going on, but here's a thought:
You can programmatically construct a hyperlink in your razor page to build a unique URL each time the page is refreshed. Just tack on a ?token=#uniqueVar onto the end of the url. The token need not be used in any place in your code, but if your uniqueVar is a timestamp or a Guid or something, your URL will be different every time.

How can I transfer some data between ActionMethods without using TempData or the Db

I have a controller action which returns a password protected zip file to the user when the click a link. The password is generated randomly.
If the download is successful, I'd like to then call another action method on the controller to get the password and display it on the screen. I'd be happy to do it all in one request but it doesn't feel possibly in a non horrible way.
I'm using this library to download the file jquery download library
I can't use tempdata or session state and hitting the database feels a little bit like using a hammer to crack a nut. I've thought about storing it in the response or a cookie but that feels a bit wrong too.
URL or hidden field should do (that is, they are both user-stored either as part of POST or GET request).
The question is, how can you return the password to the client and start the download at the same time. If there's no server storage you can't do it, since they are separate HTTP requests (unless you use cookie). I think this is the best way to do it:
Open your download page, and generate the password at that time,
so you can put it in hidden field (for successCallback of jquery
download library)
When calling your server to download the file,
pass the password as get or post to the download URL, and use this
password to compress
Once download finishes, you know what the
password was, so you can redirect to another page and show it.
Actually, since you already have it on the page, you can show it
right after download using javascript. Or maybe you can just show
the password right away, while download is still happening.
So, this is probably reversal of your architecture. And possibly this is not acceptable (you may want to generate secure passwords and guarantee users don't mess with them - that's possible if you pass the password in the download request). But that's the only way without server or cookie storage.
use
return RedirectToAction("Action", new { id = 99 });

Get POST variables from browser control

In my winphone application I have a Browser control and a page with HTML form in it. Is it possible to somehow extract POST variables from control after user fills in and submits a form inside it?
Trying to execute JS and bind some events to submit button is not an option. I wonder if it can be done by using standard methods and events accessible for Browser control.
The Navigating event would be your most likely option for getting this information, but you can only get the Uri being navigated to. You do not get access to the Request object that is being sent to the server.

How can I securely pass and receive data to/from an external service using form posts?

We need to post from data to a partner who is providing a service to us. We want to do this via a form post to keep things simple.
We will post form data (an id) to a form on the service providers website using JavaScript etc.The service needs to take this id and show some associated data to the user. We pictured this posting to a form on their server and then displaying the result in a popup. If the user is happy with the associated data they will hit submit on the form in the popup (which is on the service providers server) and the service provider will post to a controller on our server.
User clicks link on our website
This posts data to the service providers site and displays content from service providers site in a popup/iframe
User checks the data displayed in popup and sees they are happy with it
The user hits submit in the popup (service provider updates something on their site)
Service provider submits form data to our controller (we update something on our site)
We need to make sure that only our server can post to their page and only they can post to our page.
We are using MVC3. They are using a web technology of their choice.
Any advice on the simplest quickest, and secure way of doing this. Obviously need to prevent replay attacks and be sure that they are the only ones that can post to us.
We want to do this via a form post to keep things simple. We will post
to a web page on their server, they will do some processing and post
the data back to a controller action on our server.
Ah no, that's impossible. If you have an HTML <form> whose action is pointing to some url (no matter if this url is located on your server or on a third-party server), when this form is submitted the browser will POST to this url and redirect to it. This means that while you will be able to send the request to the remote source and it might then query some controller action on your domain you will not be able to show the results of the execution of this controller action in the browser, because the browser will show the result of the execution of this remote url.
So one technique would be to have the HTML <form> POST to a controller action of yours which itself will delegate the request to the remote service (using a WebClient) and then return some view to the user.
Now all that's left is to ask the network administrator of the remote server to allow HTTP requests only from the IP address of your web server.
Of course this is leaving the possibility for the user to craft an HTTP request to the controller action of yours and thus indirectly hit the remote service. The only possible way to prevent this from happening is to use authentication and deny public access to anyone to this controller action.

How to redirect page after returning FileStreamResult in ASP.NET MVC

We have a reporting feature on our site that allows users to download PDF reports of various data. Some of the reports require parameters, and when this is the case we forward them to a parameter setting view after they choose a report.
After posting the parameters to the server, a FileStreamResult with the PDF is returned. The problem is, that for reports with parameters, the user is left at the parameter setting page after the FileStreamResult is returned. I would like to redirect them back to the reports list page.
Is there anyway to do this with the FileStreamResult, or, should I be looking into a custom solution?
you could set the response redirect headers manually before you feed the file although I'm not sure that would work.
How about redirecting back to a "thanks for downloading" page then start the download?
Simon

Resources