Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Access Restriction to a url/folder deployed on Tomcat server

Reply
Thread Tools

Access Restriction to a url/folder deployed on Tomcat server

 
 
Sameer
Guest
Posts: n/a
 
      12-22-2006
Dear All,
My jsp application gives access to a url after authentication and
generates a report using that url.
I am using Tomcat 5.5. as application server to authorize webpages.
But i noted that if i copy that generated url and paste it on IE
address bar, i can still acces it without any authentication which is
not supposed to happen.
What i have to do to avaoid this?
Can i do this at application level or server level?
Please help.
-Sameer

 
Reply With Quote
 
 
 
 
ck
Guest
Posts: n/a
 
      12-22-2006
This means that you need to redesign the webapp and apply some sort of
security check for the protected pages.
There are several ways

Controlling Client Access
1) You could block access to entire resource or just a portion of the
resource
If Client must log on to access a view then add a custom tag on top of
each of the page for access check

Eg: - <%@ taglib uri="/WEB-INF/yourtaglibrary.tld" prefix="yourtaglib"
%>
<yourtaglib:guard/>
<HTML>
.
.
.
</HTML>
2) Guarding by Configuration
The pages that has to be protected can be placed in a folder inside
WEB-INF so no one can access the pages directly by typing the url in
the bar
You need to write a servlet that would check for valid session, if
found the user would be forwarded to the relevant page

There are many more ways of doing this, you can look up for J2EE
patterns for more information

Hope this helps

Cheers,
Ck
http://www.gfour.net



Sameer wrote:
> Dear All,
> My jsp application gives access to a url after authentication and
> generates a report using that url.
> I am using Tomcat 5.5. as application server to authorize webpages.
> But i noted that if i copy that generated url and paste it on IE
> address bar, i can still acces it without any authentication which is
> not supposed to happen.
> What i have to do to avaoid this?
> Can i do this at application level or server level?
> Please help.
> -Sameer


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
unable to access webservice deployed to remote server. Mahain ASP .Net Web Services 0 05-04-2009 05:53 AM
IPC client in asp.net 2.0 Beta 2 gets Access denied error when deployed Peter Qian ASP .Net 0 06-29-2005 03:04 AM
Deployed Application ASP.NET: file and web access. Siu ASP .Net Security 1 03-07-2005 10:25 AM
Access files in deployed war from within JSP? Java Job Java 1 08-05-2004 08:53 PM
Mapping errors after app deployed to Tomcat Bob Dushok Java 0 10-04-2003 02:07 PM



Advertisments