Solved

Restrict raw XHTML Documents

Posted on 2008-06-10
7
362 Views
Last Modified: 2008-06-18
Hi All,
        I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml

.
.
.
 <security-constraint>    
        <display-name>Restrict XHTML Documents</display-name>
        <web-resource-collection>
            <web-resource-name>XHTML</web-resource-name>
            <url-pattern>*.xhtml</url-pattern>
        </web-resource-collection>
    </security-constraint>


But when I gave the following url in my browser
http://localhost:9081/rms/login.xhtml

It displayed the xhtml page.

How to solve this issue?
0
Comment
Question by:Tension
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:humanonomics
ID: 21757198
What Applicatiion/Web server are you using ?
0
 

Author Comment

by:Tension
ID: 21757207
I'm using websphere app server
0
 
LVL 92

Expert Comment

by:objects
ID: 21757213
safest would be too put them under WEB-INF directory
How do you want them to be accessed?
0
 

Author Comment

by:Tension
ID: 21757361
currently my files are in the below structure:
\WebContent\
                         -img
                         -javascript
                         -WEB-INF
                         -login.xhtml
                          .
                          .
                          accounts.xhtml

Now I cannot change the directroy structure...

I should not allow them to access directly from the web-browser url

http://localhost:9081/rms/login.xhtml
 
0
 
LVL 7

Accepted Solution

by:
humanonomics earned 50 total points
ID: 21759593
why don't you do a small session management, Declare a flag in session on the first page, and then set its value to be true. And pass this flag in session to the next page.

And on every xhtml page you check the value of this session variable, if its not true or if the flag is not found in session, means, user is trying to access it from outside/directly and then you can display a specific message or redirect output to some other error page.

Else if the value of flag is true, then the user is navigating properly as desired by you, so let him continue.

Thanks
~Humanonomics.

0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Introduction Java can be integrated with native programs using an interface called JNI(Java Native Interface). Native programs are programs which can directly run on the processor. JNI is simply a naming and calling convention so that the JVM (Java…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now