Solved

2 web servers: 1 creates a dynamic URL that a user clicks on and is redirected to the 2nd server where content is downloaded

Posted on 2011-02-27
Last Modified: 2013-11-05
Hello, I am new to Apache and have this scenario: Server A creates a dynamic URL that is not easily predictable with a jsessionID. When a user clicks on this link, he or she is redirected to server B where content is viewed. My question is this: how do I configure server B so the dynamic URL is accepted, with its corresponding jsessionID, and the correct directory can be accessed by the user with the appropriate content? I imagine a redirect must be used. What must be done on server B's web server to match the dynamic URL with the correct directory? Are jsessionIDs the correct control to use or should something else be implemented?
Question by:krella
LVL 9

Expert Comment

by:jeremycrussell
ID: 34997498
So, what I hear is that server A creates a URL pointed at server B that has a parameter set to the value of the session id created for that session on server A.

Something like http://serverb/page.jsp?id=2dt2d0d423grddp92f4t

Not knowing what end result you are wanting, it's really hard to say. However, if server A also inserts the session id into a DB table, then server B could match the parameter value against that table to do something with it.

We really need more information to help here.

Author Comment

by:krella
ID: 34997764
Thanks for getting back to me, Jeremy. The end result is a user downloading content (pdf probably) from server B.

If server A serves the URL, http://serverb/page.jsp?id=2dt2d0d423grddp92f4t, how do we configure the web site on server B that this URL points to? Also, the jsessionID is most likely needed to ensure the user gets only the content that he or she has access to.

Also, these servers are in separate locations and do not share a common domain or realm. So, how can server B match the jsessionID produced by serverA, to ensure authorization? They will not have access to a common database. Does this help?

LVL 9

Accepted Solution

by:
jeremycrussell earned 500 total points
ID: 34998080
Ok, well, to accomplish this, you would have to have some type of Access Management (you can build your own, or look at software packages targeted at doing this: http://java.net/projects/opensso/), or go about it a different way.

Server A could simply redirect to server B, where server B does the authentication and content control. However, I imagine that you are authenticating on server A, and serving content from server B for a good reason? You could create the URL on server A to redirect to an authentication page on server B that would authenticate, then serve the content based on a parameter in the URL; you would just have to create that app on server B to do so (i.e. http://serverb/auth.jsp?id=nameoffile.pdf). The user would enter the credentials, and the page would stream back the file named in the parameter "id".

Another way would be to have server B query back to server A to make sure the session is valid (this would be a form of Access Management).

Or, server A would create a URL to the accessible content on server B, so you would authenticate to server A, and it would check some mechanism to make sure that user has access to the content, then configure a URL to the content on server B (http://serverb/content.jsp?id=nameofpdf.pdf).

I will add that, unless you have the PDFs on server B stored in some access-controllable environment (like a DB, or a file system not in DocumentRoot, but accessed by a webapp and streamed), and they are just sitting somewhere in your webserver's DocumentRoot, then they are really not secure and can be accessed by anyone, and will eventually get crawled by search engines if the site is on the public internet.
0
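The accepted answer's two server B ideas combined, as an added example that is not code from the thread: files live outside DocumentRoot, and the `id` parameter is only resolved after a session check. `ContentGate`, `resolve` and the `sessionCheck` callback (a stand-in for server B querying server A) are hypothetical names, and the store, file and session value in `main` are constructed samples.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.function.BiPredicate;

/** Added sketch of the content lookup on server B (all names hypothetical). */
public class ContentGate {
    private final Path contentRoot;                          // directory outside DocumentRoot
    private final BiPredicate<String, String> sessionCheck;  // (sessionId, fileName) -> allowed?

    public ContentGate(Path contentRoot, BiPredicate<String, String> sessionCheck) {
        this.contentRoot = contentRoot.toAbsolutePath().normalize();
        this.sessionCheck = sessionCheck;
    }

    /** Returns the file to stream, or throws if the request must be refused. */
    public Path resolve(String sessionId, String id) throws IOException {
        // Accept only a bare PDF file name: no separators, no absolute paths.
        if (sessionId == null || id == null || !id.matches("[A-Za-z0-9._-]{1,128}\\.pdf")) {
            throw new SecurityException("malformed request");
        }
        // Ask whoever holds the session (server A) before touching the disk.
        if (!sessionCheck.test(sessionId, id)) {
            throw new SecurityException("session not authorised");
        }
        Path candidate = contentRoot.resolve(id).normalize();
        // Defence in depth: the resolved path must still be inside the store.
        if (!candidate.startsWith(contentRoot)
                || !Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) {
            throw new NoSuchFileException(id);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path store = Files.createTempDirectory("pdfstore");  // constructed sample store
        Files.write(store.resolve("report.pdf"), new byte[] {'%', 'P', 'D', 'F'});
        // Stand-in for the call back to server A: one known session, one permitted file.
        ContentGate gate = new ContentGate(store,
            (sid, file) -> sid.equals("2dt2d0d423grddp92f4t") && file.equals("report.pdf"));
        System.out.println("served: "
            + gate.resolve("2dt2d0d423grddp92f4t", "report.pdf").getFileName());
        String[][] refused = { {"2dt2d0d423grddp92f4t", "../etc/passwd"},
                               {"guessed-session", "report.pdf"},
                               {"2dt2d0d423grddp92f4t", "other.pdf"} };
        for (String[] r : refused) {
            try {
                gate.resolve(r[0], r[1]);
                System.out.println("BUG: served " + r[1]);
            } catch (SecurityException | IOException e) {
                System.out.println("refused " + r[1] + ": " + e.getMessage());
            }
        }
    }
}
```

In a servlet or JSP the returned path would be streamed to the response; the web server itself never maps a URL onto the store directory.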