Access Restriction to a url/folder deployed on Tomcat server

Discussion in 'Java' started by Sameer, Dec 22, 2006.

  1. Sameer

    Sameer Guest

    Dear All,
    My jsp application gives access to a url after authentication and
    generates a report using that url.
    I am using Tomcat 5.5. as application server to authorize webpages.
    But i noted that if i copy that generated url and paste it on IE
    address bar, i can still acces it without any authentication which is
    not supposed to happen.
    What i have to do to avaoid this?
    Can i do this at application level or server level?
    Please help.
    -Sameer
     
    Sameer, Dec 22, 2006
    #1
    1. Advertising

  2. Sameer

    ck Guest

    This means that you need to redesign the webapp and apply some sort of
    security check for the protected pages.
    There are several ways

    Controlling Client Access
    1) You could block access to entire resource or just a portion of the
    resource
    If Client must log on to access a view then add a custom tag on top of
    each of the page for access check

    Eg: - <%@ taglib uri="/WEB-INF/yourtaglibrary.tld" prefix="yourtaglib"
    %>
    <yourtaglib:guard/>
    <HTML>
    .
    .
    .
    </HTML>
    2) Guarding by Configuration
    The pages that has to be protected can be placed in a folder inside
    WEB-INF so no one can access the pages directly by typing the url in
    the bar
    You need to write a servlet that would check for valid session, if
    found the user would be forwarded to the relevant page

    There are many more ways of doing this, you can look up for J2EE
    patterns for more information

    Hope this helps

    Cheers,
    Ck
    http://www.gfour.net



    Sameer wrote:
    > Dear All,
    > My jsp application gives access to a url after authentication and
    > generates a report using that url.
    > I am using Tomcat 5.5. as application server to authorize webpages.
    > But i noted that if i copy that generated url and paste it on IE
    > address bar, i can still acces it without any authentication which is
    > not supposed to happen.
    > What i have to do to avaoid this?
    > Can i do this at application level or server level?
    > Please help.
    > -Sameer
     
    ck, Dec 22, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter Qian
    Replies:
    0
    Views:
    1,797
    Peter Qian
    Jun 29, 2005
  2. Sachin
    Replies:
    3
    Views:
    930
    JIMCO Software
    Oct 11, 2005
  3. Bob Dushok
    Replies:
    0
    Views:
    600
    Bob Dushok
    Oct 4, 2003
  4. Java Job
    Replies:
    1
    Views:
    4,208
    Mike Schilling
    Aug 5, 2004
  5. Mahain

    unable to access webservice deployed to remote server.

    Mahain, May 4, 2009, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    702
    Mahain
    May 4, 2009
Loading...

Share This Page