I'm on apache server and use a PHP HTTP_REFERER just to check that a few clients are accessing from pre-determined URLS. I have someone inquiring about accessing from a JAVA application. I know nothing about JAVA and I'm trying to find an alternative way to recognize the referring location accessing my php files. (I've also used an .htaccess with HTTP_REFERER in the past but again not for JAVA trying to gain access).
This doesn't need to be a complex "fort knox" solution because I know HTTP_REFERER isn't that in the first place, I just don't want the link being passed around freely in the wild.
?
The question depends on what HTTP library your client is using to access your stuff from Java. A decent HTTP client library (e.g. Apache HTTPClient) will let you set arbitrary headers. See for example http://hc.apache.org/httpcomponents-client-ga/tutorial/html/httpagent.html.
I just don't want the link being passed around freely in the wild.
Why not setup an API access via a key that is passed via the URL?
Example:
mypage.php?key=hjuedh78923hjhbdjb990823908bnhdjhh20JHGSdjla
Then check $_GET['key'] to make sure that it is a valid registered key.
Of course, this method rests on whether or not you trust those with the Java application.