Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Securing acessing JSP's and HTML pages in an J2EE application running on WebSphere

Posted on 2004-09-02
11
Medium Priority
?
289 Views
Last Modified: 2013-11-24
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
Comment
Question by:l_prasad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 

Author Comment

by:l_prasad
ID: 11964445
Hello,

We have a j2EE application running on WebSphere. We use form based login to autenticate the client. Foloowing are the things I am trying to implement

1. I want to restrict acessing JSP's and HTML pages etc directly using URL's
2. I want to hide the URL's on the browser

Cheers
Prasad
0
 
LVL 35

Expert Comment

by:girionis
ID: 11964497
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11964528
1. Not sure what you mean
2. You can do this with frames, but that means that browsers with no frames support can't see your site, and anyone with an once of programming ability (or the right tools) can just see the URLs anyway

;)
0
The top UI technologies you need to be aware of

An important part of the job as a front-end developer is to stay up to date and in contact with new tools, trends and workflows. That’s why you cannot miss this upcoming webinar to explore the latest trends in UI technologies!

 
LVL 2

Expert Comment

by:beermequik
ID: 11965032
When the user logs in, I store the user info (username, accessible apps, etc) in an object on the session.

In every jsp, I try to get the user object from the session.  If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

I dont use plain HTML pages unless they are imported into a jsp to be part of a page.

As for keeping the url from sight.....I go from page to page via javascript

instead of
<a href="some.jsp">link</a>

I do
<a href="javascript:goSomewhere()">link</a>

function goSomewhere(){
    location = some.jsp;
}

0
 

Author Comment

by:l_prasad
ID: 11965201
Hello beermequik,

When the user logs on, we store the user info (username, accessible apps, etc) in an object on the session.

When a servelt called then we check the session object. If it is absent or the user doesnt have access assigned to them they are redirected to a login screen.

This application allready developed, and it has couple of hundered JSP's. Changing all the JSP's is time consuming.

I am looking for a solution in-side the webSphere to do this. If you have an idea please let me know.
Also I need to secure the static data which is html, docs and PDF files inside the WAR file. I have an little idea where J2EE security enables doing this kind of stuff may. I am looking for an documentation how I can do J2EE security in WebSphere.

Thanks
0
 
LVL 35

Accepted Solution

by:
girionis earned 200 total points
ID: 11965364
You do not have to change all the JSPs or do any manual changes if you let the container take care of this.

> . I am looking for an documentation how I can do J2EE security in WebSphere.

I read the server wrongly, the link I posted refers to WLS. But the general idea is the same. You need to add somethign liek thsi in your web.xml file:

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Restricted Area</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>arolename</role-name>
                </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>My Secure Test Area</realm-name>
        </login-config>

Have a look at WAS documents, I am sure you will find more info.
0
 

Author Comment

by:l_prasad
ID: 11965726
Thanks for the information.
0
 

Author Comment

by:l_prasad
ID: 11965744
Do you know where can I find the documentation for WebSphere for security implementation? some white papers on how security implemented with WebSphere.

Thanks in Advance
0
 
LVL 35

Expert Comment

by:girionis
ID: 11965850
You should already have the docs if you have was.
0

Featured Post

Build and deliver software with DevOps

A digital transformation requires faster time to market, shorter software development lifecycles, and the ability to adapt rapidly to changing customer demands. DevOps provides the solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
This video teaches viewers about errors in exception handling.
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question