Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

Securing acessing JSP's and HTML pages in an J2EE application running on WebSphere

Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
l_prasad
Asked:
l_prasad
1 Solution
 
l_prasadAuthor Commented:
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
 
TimYatesCommented:
1. Not sure what you mean
2. You can do this with frames, but that means that browsers with no frames support can't see your site, and anyone with an once of programming ability (or the right tools) can just see the URLs anyway

;)
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
beermequikCommented:
When the user logs in, I store the user info (username, accessible apps, etc) in an object on the session.

In every jsp, I try to get the user object from the session.  If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

I dont use plain HTML pages unless they are imported into a jsp to be part of a page.

As for keeping the url from sight.....I go from page to page via javascript

instead of
<a href="some.jsp">link</a>

I do
<a href="javascript:goSomewhere()">link</a>

function goSomewhere(){
    location = some.jsp;
}

0
 
l_prasadAuthor Commented:
Hello beermequik,

When the user logs on, we store the user info (username, accessible apps, etc) in an object on the session.

When a servelt called then we check the session object. If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

This application allready developed, and it has couple of hundered JSP's. Changing all the JSP's is time consuming.

I am looking for a solution in-side the webSphere to do this. If you have an idea please let me know.
Also I need to secure the static data which is html, docs and PDF files inside the WAR file. I have an little idea where J2EE security enables doing this kind of stuff may. I am looking for an documentation how I can do J2EE security in WebSphere.

Thanks
0
 
girionisCommented:
You do not have to change all the JSPs or do any manual changes if you let the container take care of this.

> . I am looking for an documentation how I can do J2EE security in WebSphere.

I read the server wrongly, the link I posted refers to WLS. But the general idea is the same. You need to add somethign liek thsi in your web.xml file:

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Restricted Area</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>arolename</role-name>
                </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>My Secure Test Area</realm-name>
        </login-config>

Have a look at WAS documents, I am sure you will find more info.
0
 
l_prasadAuthor Commented:
Thanks for the information.
0
 
l_prasadAuthor Commented:
Do you know where can I find the documentation for WebSphere for security implementation? some white papers on how security implemented with WebSphere.

Thanks in Advance
0
 
girionisCommented:
You should already have the docs if you have was.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now