Solved

Securing acessing JSP's and HTML pages in an J2EE application running on WebSphere

Posted on 2004-09-02
11
275 Views
Last Modified: 2013-11-24
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
Comment
Question by:l_prasad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 

Author Comment

by:l_prasad
ID: 11964445
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
 
LVL 35

Expert Comment

by:girionis
ID: 11964497
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11964528
1. Not sure what you mean
2. You can do this with frames, but that means that browsers with no frames support can't see your site, and anyone with an once of programming ability (or the right tools) can just see the URLs anyway

;)
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 2

Expert Comment

by:beermequik
ID: 11965032
When the user logs in, I store the user info (username, accessible apps, etc) in an object on the session.

In every jsp, I try to get the user object from the session.  If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

I dont use plain HTML pages unless they are imported into a jsp to be part of a page.

As for keeping the url from sight.....I go from page to page via javascript

instead of
<a href="some.jsp">link</a>

I do
<a href="javascript:goSomewhere()">link</a>

function goSomewhere(){
    location = some.jsp;
}

0
 

Author Comment

by:l_prasad
ID: 11965201
Hello beermequik,

When the user logs on, we store the user info (username, accessible apps, etc) in an object on the session.

When a servelt called then we check the session object. If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

This application allready developed, and it has couple of hundered JSP's. Changing all the JSP's is time consuming.

I am looking for a solution in-side the webSphere to do this. If you have an idea please let me know.
Also I need to secure the static data which is html, docs and PDF files inside the WAR file. I have an little idea where J2EE security enables doing this kind of stuff may. I am looking for an documentation how I can do J2EE security in WebSphere.

Thanks
0
 
LVL 35

Accepted Solution

by:
girionis earned 50 total points
ID: 11965364
You do not have to change all the JSPs or do any manual changes if you let the container take care of this.

> . I am looking for an documentation how I can do J2EE security in WebSphere.

I read the server wrongly, the link I posted refers to WLS. But the general idea is the same. You need to add somethign liek thsi in your web.xml file:

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Restricted Area</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>arolename</role-name>
                </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>My Secure Test Area</realm-name>
        </login-config>

Have a look at WAS documents, I am sure you will find more info.
0
 

Author Comment

by:l_prasad
ID: 11965726
Thanks for the information.
0
 

Author Comment

by:l_prasad
ID: 11965744
Do you know where can I find the documentation for WebSphere for security implementation? some white papers on how security implemented with WebSphere.

Thanks in Advance
0
 
LVL 35

Expert Comment

by:girionis
ID: 11965850
You should already have the docs if you have was.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question