Solved

2 web servers: 1 creates a dynamic URL that a user clicks on and is redirected to the 2nd server where content is downloaded

Posted on 2011-02-27
3
360 Views
Last Modified: 2013-11-05
Hello, I am new to Apache and have this scenario: Server A creates a dynamic URL that is not easily predictable with a jsessionID. When a user clinks on this link, he or she is redirected to server B where content is viewed. My question is this: how do I configure server B so the dynamic URL is accepted, with its corresponding jsessionID, and correct directory can be accessed by the user with the appropriate content? I imagine a rediect must be used. What must be done on server B's web server to match the dynamic URL with the correct directory? Are jsessionID's the correct control to use or should something else be implemented?
0
Comment
Question by:krella
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Expert Comment

by:jeremycrussell
ID: 34997498
So, what I hear is that server A creates a URL pointed at sever B that has a parameter set to the value of the session id created for that session on server A.

Something like http://serverb/page.jsp?id=2dt2d0d423grddp92f4t

Not knowing what end result you are wanting its really hard to say.  However, if server A also insert the session id into a DB table, then server B could match the parameter value against that table to do something with it.

We really need more information to help here.
0
 

Author Comment

by:krella
ID: 34997764
Thanks for getting back to me, Jeremy. The end result is a user downloading content (pdf probably) from server B.

If server A serves the URL, http://serverb/page.jsp?id=2dt2d0d423grddp92f4t, how do we configure the web site on server B that this URL points to? Also, the jsessionID is most likely needed to ensure the user gets only the content that he or she has access to.

Also, these servers are in separate locations and do not share a common domain or realm. So, how can server B match the jsessionID produced by serverA, to ensure authorization? They will not have access to a common database. Does this help?

0
 
LVL 9

Accepted Solution

by:
jeremycrussell earned 500 total points
ID: 34998080
Ok, well, do accomplish this, you would have to have some type of Access Management (You can build your own, or look at software packages targeted at doing this. http://java.net/projects/opensso/), or go about it a different way.  

Server A could simply redirect to server B, where server B does the authentication and content control.  However, I imagine that you are authenticating on server A, and serving content from server B for a good reason?  You could create the URL on server A to redirect to a authentication page on server B that would authenticate then server the content based on a paremeter in the URL, you would just have to create that app on server B to do so. (ie http://serverb/auth.jsp?id=nameoffile.pdf), the user would enter the credentials, and the page would stream back the file named in the parameter "id".

Another way would to have server B query back to server A to make sure the session is valid (This would be a form of Access Management)

Or, server A would create a URL to the accessible content on server B, so you would authenticate to server A, and it would check some mechanism to make sure that user has access to the content, then configure a URL to the content on server B (http://serverb/content.jsp?id=nameofpdf.pdf)

I will add that, unless you have the pdfs on server b stored in some access controllable environment (Like a DB, or file system not in DocumentRoot, but accessed by a webapp and streamed) and just sitting somewhere in your webserver's DocumentRoot then they are really not secure and can be accessed by anyone, and we'll eventually get crawled by search engines if the site is on the public internet.
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question