Solved

Restrict raw XHTML Documents

Posted on 2008-06-10
7
394 Views
Last Modified: 2008-06-18
Hi All,
        I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml

.
.
.
 <security-constraint>    
        <display-name>Restrict XHTML Documents</display-name>
        <web-resource-collection>
            <web-resource-name>XHTML</web-resource-name>
            <url-pattern>*.xhtml</url-pattern>
        </web-resource-collection>
    </security-constraint>


But when I gave the following url in my browser
http://localhost:9081/rms/login.xhtml

It displayed the xhtml page.

How to solve this issue?
0
Comment
Question by:Tension
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:humanonomics
ID: 21757198
What Applicatiion/Web server are you using ?
0
 

Author Comment

by:Tension
ID: 21757207
I'm using websphere app server
0
 
LVL 92

Expert Comment

by:objects
ID: 21757213
safest would be too put them under WEB-INF directory
How do you want them to be accessed?
0
 

Author Comment

by:Tension
ID: 21757361
currently my files are in the below structure:
\WebContent\
                         -img
                         -javascript
                         -WEB-INF
                         -login.xhtml
                          .
                          .
                          accounts.xhtml

Now I cannot change the directroy structure...

I should not allow them to access directly from the web-browser url

http://localhost:9081/rms/login.xhtml
 
0
 
LVL 7

Accepted Solution

by:
humanonomics earned 50 total points
ID: 21759593
why don't you do a small session management, Declare a flag in session on the first page, and then set its value to be true. And pass this flag in session to the next page.

And on every xhtml page you check the value of this session variable, if its not true or if the flag is not found in session, means, user is trying to access it from outside/directly and then you can display a specific message or redirect output to some other error page.

Else if the value of flag is true, then the user is navigating properly as desired by you, so let him continue.

Thanks
~Humanonomics.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
xampp tool 12 58
jboss wildfly 10.1 10 415
How  can  i  resolve  HTTP Status 404 -? 8 58
How to log java errors in tomcat 8 24
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question