Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Restrict raw XHTML Documents

Posted on 2008-06-10
7
Medium Priority
?
407 Views
Last Modified: 2008-06-18
Hi All,
        I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml

.
.
.
 <security-constraint>    
        <display-name>Restrict XHTML Documents</display-name>
        <web-resource-collection>
            <web-resource-name>XHTML</web-resource-name>
            <url-pattern>*.xhtml</url-pattern>
        </web-resource-collection>
    </security-constraint>


But when I gave the following url in my browser
http://localhost:9081/rms/login.xhtml

It displayed the xhtml page.

How to solve this issue?
0
Comment
Question by:Tension
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:humanonomics
ID: 21757198
What Applicatiion/Web server are you using ?
0
 

Author Comment

by:Tension
ID: 21757207
I'm using websphere app server
0
 
LVL 92

Expert Comment

by:objects
ID: 21757213
safest would be too put them under WEB-INF directory
How do you want them to be accessed?
0
 

Author Comment

by:Tension
ID: 21757361
currently my files are in the below structure:
\WebContent\
                         -img
                         -javascript
                         -WEB-INF
                         -login.xhtml
                          .
                          .
                          accounts.xhtml

Now I cannot change the directroy structure...

I should not allow them to access directly from the web-browser url

http://localhost:9081/rms/login.xhtml
 
0
 
LVL 7

Accepted Solution

by:
humanonomics earned 200 total points
ID: 21759593
why don't you do a small session management, Declare a flag in session on the first page, and then set its value to be true. And pass this flag in session to the next page.

And on every xhtml page you check the value of this session variable, if its not true or if the flag is not found in session, means, user is trying to access it from outside/directly and then you can display a specific message or redirect output to some other error page.

Else if the value of flag is true, then the user is navigating properly as desired by you, so let him continue.

Thanks
~Humanonomics.

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question