Solved

2 web servers: 1 creates a dynamic URL that a user clicks on and is redirected to the 2nd server where content is downloaded

Posted on 2011-02-27
3
358 Views
Last Modified: 2013-11-05
Hello, I am new to Apache and have this scenario: Server A creates a dynamic URL that is not easily predictable with a jsessionID. When a user clinks on this link, he or she is redirected to server B where content is viewed. My question is this: how do I configure server B so the dynamic URL is accepted, with its corresponding jsessionID, and correct directory can be accessed by the user with the appropriate content? I imagine a rediect must be used. What must be done on server B's web server to match the dynamic URL with the correct directory? Are jsessionID's the correct control to use or should something else be implemented?
0
Comment
Question by:krella
  • 2
3 Comments
 
LVL 9

Expert Comment

by:jeremycrussell
ID: 34997498
So, what I hear is that server A creates a URL pointed at sever B that has a parameter set to the value of the session id created for that session on server A.

Something like http://serverb/page.jsp?id=2dt2d0d423grddp92f4t

Not knowing what end result you are wanting its really hard to say.  However, if server A also insert the session id into a DB table, then server B could match the parameter value against that table to do something with it.

We really need more information to help here.
0
 

Author Comment

by:krella
ID: 34997764
Thanks for getting back to me, Jeremy. The end result is a user downloading content (pdf probably) from server B.

If server A serves the URL, http://serverb/page.jsp?id=2dt2d0d423grddp92f4t, how do we configure the web site on server B that this URL points to? Also, the jsessionID is most likely needed to ensure the user gets only the content that he or she has access to.

Also, these servers are in separate locations and do not share a common domain or realm. So, how can server B match the jsessionID produced by serverA, to ensure authorization? They will not have access to a common database. Does this help?

0
 
LVL 9

Accepted Solution

by:
jeremycrussell earned 500 total points
ID: 34998080
Ok, well, do accomplish this, you would have to have some type of Access Management (You can build your own, or look at software packages targeted at doing this. http://java.net/projects/opensso/), or go about it a different way.  

Server A could simply redirect to server B, where server B does the authentication and content control.  However, I imagine that you are authenticating on server A, and serving content from server B for a good reason?  You could create the URL on server A to redirect to a authentication page on server B that would authenticate then server the content based on a paremeter in the URL, you would just have to create that app on server B to do so. (ie http://serverb/auth.jsp?id=nameoffile.pdf), the user would enter the credentials, and the page would stream back the file named in the parameter "id".

Another way would to have server B query back to server A to make sure the session is valid (This would be a form of Access Management)

Or, server A would create a URL to the accessible content on server B, so you would authenticate to server A, and it would check some mechanism to make sure that user has access to the content, then configure a URL to the content on server B (http://serverb/content.jsp?id=nameofpdf.pdf)

I will add that, unless you have the pdfs on server b stored in some access controllable environment (Like a DB, or file system not in DocumentRoot, but accessed by a webapp and streamed) and just sitting somewhere in your webserver's DocumentRoot then they are really not secure and can be accessed by anyone, and we'll eventually get crawled by search engines if the site is on the public internet.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question