Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Restrict acessing staic data inside ear file using URL's in Websphere

Posted on 2004-10-06
2
Medium Priority
?
278 Views
Last Modified: 2008-03-06
Hello,

We are using WAS 5.0 Base edition. Our site is form based log on. So When acessing JSP pages pages then we know whether used is signed or not using session object.

I need to implement security while acessing statics data inside EAR file. Static data PDF's word documents etc.

My questions are

1. When user types direct URL for document, then how can I check whether user is signed on to our website ot not?
2. How can expire documents viewd by user so that he won't book mark the URL's

I thinking J2EE security for acessing WEB-INF folder inside EAR file. But I am not aware what I need to do or where I can find the documentation.

Thanks in advance
Prasad
0
Comment
Question by:l_prasad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
kiranhk earned 150 total points
ID: 12243452
Hi,
You can restrict direct access to pages from the web.xml

just check out the http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
it will explain all abt the steps

<security-constraint>
<web-resource-collection>
  <web-resource-name>SecurePages</web-resource-name>
  <description>Security constraint /secure</description>
  <url-pattern>/secure/*</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
</web-resource-collection>

you can add the above in your web.xml to restrict direct access to the web pages.

hope this helps

Kiran
0
 
LVL 1

Expert Comment

by:jLasitha
ID: 12246686
1)You can hold loggin information in a session. As a example create a instance that can hold logged-in user info.( ex: CLogin class ).In loggin page you can add user info to the instance and add it to the session( ex: session.setAttribute( "LoginInfo" , loggin info instance ).In each page check the session and obtain the instance.If the user is not loggin he you will get a null object.If it's null you can redirect the page to the login page

if( session.getAttribute( "LoginInfo" ) == null )
{
 responce.sendRedirect( "login.jsp");
}

2) same way..you can colllect the data each time and maitain a info instance in your session.check it each time you want
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question