Dear All,
My JSP application gives access to a URL after authentication and
generates a report using that URL.
I am using Tomcat 5.5 as the application server to authorize web pages.
But I noted that if I copy that generated URL and paste it into the IE
address bar, I can still access it without any authentication, which is
not supposed to happen.
What do I have to do to avoid this?
Can I do this at the application level or the server level?
Please help.
-Sameer
ck - 22 Dec 2006 11:10 GMT
This means that you need to redesign the webapp and apply some sort of
security check for the protected pages.
There are several ways:
Controlling Client Access
1) You could block access to an entire resource or just a portion of the
resource.
If the client must log on to access a view, then add a custom tag at the
top of each page for the access check.
E.g.:
<%@ taglib uri="/WEB-INF/yourtaglibrary.tld" prefix="yourtaglib" %>
<yourtaglib:guard/>
<HTML>
.
.
.
</HTML>
2) Guarding by Configuration
The pages that have to be protected can be placed in a folder inside
WEB-INF so no one can access the pages directly by typing the URL in
the bar.
You need to write a servlet that would check for a valid session; if
found, the user would be forwarded to the relevant page.
There are many more ways of doing this; you can look up J2EE
patterns for more information.
Hope this helps
Cheers,
Ck
http://www.gfour.net
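The second approach in the answer above (the JSP kept under WEB-INF and reached only through a servlet that checks the session), as an added example that is not part of the original posts. The class name, the /report mapping, the file paths and the session attribute name are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical gatekeeper servlet, mapped in web.xml to /report (assumed URL).
// The JSP sits at /WEB-INF/protected/report.jsp (assumed path); the container
// does not serve anything under WEB-INF in response to a direct request.
public class ReportGateServlet extends HttpServlet {

    // Assumed attribute that the login code stores after a successful login.
    private static final String USER_ATTR = "authenticatedUser";
    private static final String LOGIN_PAGE = "/login.jsp";                     // assumed
    private static final String REPORT_VIEW = "/WEB-INF/protected/report.jsp"; // assumed

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): never create a session for an anonymous visitor.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(USER_ATTR) != null;

        if (!loggedIn) {
            // No valid session: a pasted URL ends up at the login page.
            resp.sendRedirect(resp.encodeRedirectURL(
                    req.getContextPath() + LOGIN_PAGE));
            return;
        }

        // Ask browsers and proxies not to keep a copy of the report,
        // so a cached page is not shown once the session has ended.
        resp.setHeader("Cache-Control", "no-store");
        resp.setHeader("Pragma", "no-cache");
        resp.setDateHeader("Expires", 0);

        // Server-side forward: the WEB-INF path never reaches the address bar.
        req.getRequestDispatcher(REPORT_VIEW).forward(req, resp);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doGet(req, resp);
    }
}
```

Tomcat 5.5 implements Servlet 2.4, so the servlet is declared with `<servlet>` and `<servlet-mapping>` entries in web.xml rather than with annotations.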