Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412
  • Last Modified:

Restrict raw XHTML Documents

Hi All,
        I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml

.
.
.
 <security-constraint>    
        <display-name>Restrict XHTML Documents</display-name>
        <web-resource-collection>
            <web-resource-name>XHTML</web-resource-name>
            <url-pattern>*.xhtml</url-pattern>
        </web-resource-collection>
    </security-constraint>


But when I gave the following url in my browser
http://localhost:9081/rms/login.xhtml

It displayed the xhtml page.

How to solve this issue?
0
Tension
Asked:
Tension
  • 2
  • 2
1 Solution
 
humanonomicsCommented:
What Applicatiion/Web server are you using ?
0
 
TensionAuthor Commented:
I'm using websphere app server
0
 
objectsCommented:
safest would be too put them under WEB-INF directory
How do you want them to be accessed?
0
 
TensionAuthor Commented:
currently my files are in the below structure:
\WebContent\
                         -img
                         -javascript
                         -WEB-INF
                         -login.xhtml
                          .
                          .
                          accounts.xhtml

Now I cannot change the directroy structure...

I should not allow them to access directly from the web-browser url

http://localhost:9081/rms/login.xhtml
 
0
 
humanonomicsCommented:
why don't you do a small session management, Declare a flag in session on the first page, and then set its value to be true. And pass this flag in session to the next page.

And on every xhtml page you check the value of this session variable, if its not true or if the flag is not found in session, means, user is trying to access it from outside/directly and then you can display a specific message or redirect output to some other error page.

Else if the value of flag is true, then the user is navigating properly as desired by you, so let him continue.

Thanks
~Humanonomics.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now