  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 293

Securing access to JSPs and HTML pages in a J2EE application running on WebSphere

Hello,

We have a J2EE application running on WebSphere. We use form-based login to authenticate the client. Following are the things I am trying to implement:

1. I want to restrict accessing JSPs, HTML pages, etc. directly using URLs
2. I want to hide the URLs in the browser

Cheers
Prasad
Asked by: l_prasad
 
TimYates commented:
1. Not sure what you mean
2. You can do this with frames, but that means that browsers with no frames support can't see your site, and anyone with an ounce of programming ability (or the right tools) can just see the URLs anyway

;)
 
beermequik commented:
When the user logs in, I store the user info (username, accessible apps, etc.) in an object on the session.

In every JSP, I try to get the user object from the session. If it is absent or the user doesn't have access assigned to them, they are redirected to a login screen.

I don't use plain HTML pages unless they are imported into a JSP to be part of a page.

As for keeping the URL from sight... I go from page to page via JavaScript

instead of
<a href="some.jsp">link</a>

I do
<a href="javascript:goSomewhere()">link</a>

function goSomewhere(){
    // navigate to the target page; the URL is a quoted string
    location = "some.jsp";
}

 
l_prasad (Author) commented:
Hello beermequik,

When the user logs on, we store the user info (username, accessible apps, etc.) in an object on the session.

When a servlet is called, we check the session object. If it is absent or the user doesn't have access assigned to them, they are redirected to a login screen.

This application is already developed, and it has a couple of hundred JSPs. Changing all the JSPs is time consuming.

I am looking for a solution inside WebSphere to do this. If you have an idea, please let me know.
Also, I need to secure the static data, which is HTML, docs and PDF files inside the WAR file. I have a little idea that J2EE security may enable doing this kind of stuff. I am looking for documentation on how I can do J2EE security in WebSphere.

Thanks
 
girionis commented:
You do not have to change all the JSPs or do any manual changes if you let the container take care of this.

> I am looking for an documentation how I can do J2EE security in WebSphere.

I read the server wrongly, the link I posted refers to WLS. But the general idea is the same. You need to add something like this in your web.xml file:

<security-constraint>
        <web-resource-collection>
                <web-resource-name>Restricted Area</web-resource-name>
                <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
                <role-name>arolename</role-name>
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>My Secure Test Area</realm-name>
</login-config>

Have a look at WAS documents, I am sure you will find more info.
 
l_prasad (Author) commented:
Thanks for the information.
 
l_prasad (Author) commented:
Do you know where I can find the documentation for WebSphere for security implementation? Some white papers on how security is implemented with WebSphere.

Thanks in Advance
 
girionis commented:
You should already have the docs if you have WAS.