Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Restrict raw XHTML Documents

Posted on 2008-06-10
7
386 Views
Last Modified: 2008-06-18
Hi All,
        I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml

.
.
.
 <security-constraint>    
        <display-name>Restrict XHTML Documents</display-name>
        <web-resource-collection>
            <web-resource-name>XHTML</web-resource-name>
            <url-pattern>*.xhtml</url-pattern>
        </web-resource-collection>
    </security-constraint>


But when I gave the following url in my browser
http://localhost:9081/rms/login.xhtml

It displayed the xhtml page.

How to solve this issue?
0
Comment
Question by:Tension
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:humanonomics
ID: 21757198
What Applicatiion/Web server are you using ?
0
 

Author Comment

by:Tension
ID: 21757207
I'm using websphere app server
0
 
LVL 92

Expert Comment

by:objects
ID: 21757213
safest would be too put them under WEB-INF directory
How do you want them to be accessed?
0
 

Author Comment

by:Tension
ID: 21757361
currently my files are in the below structure:
\WebContent\
                         -img
                         -javascript
                         -WEB-INF
                         -login.xhtml
                          .
                          .
                          accounts.xhtml

Now I cannot change the directroy structure...

I should not allow them to access directly from the web-browser url

http://localhost:9081/rms/login.xhtml
 
0
 
LVL 7

Accepted Solution

by:
humanonomics earned 50 total points
ID: 21759593
why don't you do a small session management, Declare a flag in session on the first page, and then set its value to be true. And pass this flag in session to the next page.

And on every xhtml page you check the value of this session variable, if its not true or if the flag is not found in session, means, user is trying to access it from outside/directly and then you can display a specific message or redirect output to some other error page.

Else if the value of flag is true, then the user is navigating properly as desired by you, so let him continue.

Thanks
~Humanonomics.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For customizing the look of your lightweight component and making it look lucid like it was made of glass. Or: how to make your component more Apple-ish ;) This tip assumes your component to be of rectangular shape and completely opaque. (COD…
Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question