You can not encrypt the whole url, as the url will not be understandable by the browser itself.
What you can do is you can encrypt the queryString part.
For example, currently if we have url like this :
First form a string like this "149~235", use any separator of
your choice, now encrypt this string and put
the new url as:
Now the request parameter refId has the encrypted string.
In the receiving action/jsp, retrieve the refId request parameter, decrypt it and separate out based on separator,
you will have the values back as 149 and 235 where 149 is appId and 235 is rollId.
You can use java encryption api for the same.