Postback delay taglib ver. 1.2


    Custom JSP taglib lets you check out delay for postback. The idea is very simple: you can add timestamp to your HTML forms on the rendering stage and use that value for the calculation during the postback processing. Why do we need (or may need) that?

At the first hand you can implement a profiling in your web applications. And the second (and probably more interesting) solution is spam bot detection. Humans cannot submit forms too fast. So if the delay between form rendering (request) and postback is too small than it is very likely that this form was submitted by some software robot. Of course it is heuristic algorithm but it will work. Sure, some artificial delay could be easily added to the bot, but that will cause the delay for the bot itself. For example:
 


<%@ taglib uri="taglib.tld" prefix="d" %>

<%
if ("POST".equalsIgnoreCase(request.getMethod())) {
%>

<d:getPostbackDelay scope="application"/>

<%
}
%>

<form method="post">
<input type="text" name="comment">
<d:setTimeStamp scope="application"/>
<input type="submit">
</form>

Here tag setTimeStamp adds a hidden field to your form and saves time stamp in the application scope. Tag getPostbackDelay prints calculated delay (in milliseconds).

You can save time stamp in the global scope or in the session scope (on per user basic).

Within your JSP page you can directly set the minimal required delay. E.g.:
 

<d:minPostbackDelay scope="application" delay="800"/>

Here tag minPostbackDelay will return error code 503 (not allowed) for request with postback delay in less than 800 milliseconds.

If you are processing HTTP requests in servlet you can use the following call:
 

long com.cj.postback.Util.getPostbackDelay(ServletContext context, HttpServletRequest req, String scope)

If time stamp does not exist in the request or could not be found on the server side than returned delay will be 0.

Tags are:

setTimeStamp

Tag adds a hidden field to your form for the future postback delay calculation. Parameters are:

1) scope Optional attribute. Describes a scope. Possible values are session or application. Default value is session.
2) cond Optional parameter. Describes a boolean value tag's behavior depends on. Default value is true (set a time stamp).

getPostbackDelay

Tag calculates the delay (milliseconds) for postback. Prints (returns) 0 if this value could not be calculated. Parameters are:

1) scope Optional attribute. Describes a scope. Possible values are session or application. Default value is session.
2) id Optional attribute. Describes a name for your page scope variable (type is java.lang.Long) that will keep a calculated value. Without this attribute tag simply prints the value.

minPostbackDelay

Body tag sets a minimal allowed delay (in milliseconds). For the smallest delay tag interrupts request and sets error code 503 (if body is empty) or redirects to the URL provided in tag's body. Parameters are:

1) delay Describes a minimal delay (in milliseconds).
2) scope Optional parameter. Describes a scope. Possible values are session or application. Default value is session.
3) cond Optional parameter. Describes a boolean value tag's behavior depends on. Default value is true (check a minimal delay).
 

for downloading:

 Library: postbackdelaytag.jar     Description: taglib.tld

 © Coldbeans      Comments?

See also Coldtags suite - the largest collection of custom JSP tags.

Also in Coldtags: