Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Securing acessing JSP's and HTML pages in an J2EE application running on WebSphere

Posted on 2004-09-02
11
Medium Priority
?
292 Views
Last Modified: 2013-11-24
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
Comment
Question by:l_prasad
11 Comments
 

Author Comment

by:l_prasad
ID: 11964445
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
 
LVL 35

Expert Comment

by:girionis
ID: 11964497
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11964528
1. Not sure what you mean
2. You can do this with frames, but that means that browsers with no frames support can't see your site, and anyone with an once of programming ability (or the right tools) can just see the URLs anyway

;)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 2

Expert Comment

by:beermequik
ID: 11965032
When the user logs in, I store the user info (username, accessible apps, etc) in an object on the session.

In every jsp, I try to get the user object from the session.  If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

I dont use plain HTML pages unless they are imported into a jsp to be part of a page.

As for keeping the url from sight.....I go from page to page via javascript

instead of
<a href="some.jsp">link</a>

I do
<a href="javascript:goSomewhere()">link</a>

function goSomewhere(){
    location = some.jsp;
}

0
 

Author Comment

by:l_prasad
ID: 11965201
Hello beermequik,

When the user logs on, we store the user info (username, accessible apps, etc) in an object on the session.

When a servelt called then we check the session object. If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

This application allready developed, and it has couple of hundered JSP's. Changing all the JSP's is time consuming.

I am looking for a solution in-side the webSphere to do this. If you have an idea please let me know.
Also I need to secure the static data which is html, docs and PDF files inside the WAR file. I have an little idea where J2EE security enables doing this kind of stuff may. I am looking for an documentation how I can do J2EE security in WebSphere.

Thanks
0
 
LVL 35

Accepted Solution

by:
girionis earned 200 total points
ID: 11965364
You do not have to change all the JSPs or do any manual changes if you let the container take care of this.

> . I am looking for an documentation how I can do J2EE security in WebSphere.

I read the server wrongly, the link I posted refers to WLS. But the general idea is the same. You need to add somethign liek thsi in your web.xml file:

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Restricted Area</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>arolename</role-name>
                </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>My Secure Test Area</realm-name>
        </login-config>

Have a look at WAS documents, I am sure you will find more info.
0
 

Author Comment

by:l_prasad
ID: 11965726
Thanks for the information.
0
 

Author Comment

by:l_prasad
ID: 11965744
Do you know where can I find the documentation for WebSphere for security implementation? some white papers on how security implemented with WebSphere.

Thanks in Advance
0
 
LVL 35

Expert Comment

by:girionis
ID: 11965850
You should already have the docs if you have was.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question