Solved

2 web servers: 1 creates a dynamic URL that a user clicks on and is redirected to the 2nd server where content is downloaded

Posted on 2011-02-27
3
359 Views
Last Modified: 2013-11-05
Hello, I am new to Apache and have this scenario: Server A creates a dynamic URL that is not easily predictable with a jsessionID. When a user clinks on this link, he or she is redirected to server B where content is viewed. My question is this: how do I configure server B so the dynamic URL is accepted, with its corresponding jsessionID, and correct directory can be accessed by the user with the appropriate content? I imagine a rediect must be used. What must be done on server B's web server to match the dynamic URL with the correct directory? Are jsessionID's the correct control to use or should something else be implemented?
0
Comment
Question by:krella
  • 2
3 Comments
 
LVL 9

Expert Comment

by:jeremycrussell
ID: 34997498
So, what I hear is that server A creates a URL pointed at sever B that has a parameter set to the value of the session id created for that session on server A.

Something like http://serverb/page.jsp?id=2dt2d0d423grddp92f4t

Not knowing what end result you are wanting its really hard to say.  However, if server A also insert the session id into a DB table, then server B could match the parameter value against that table to do something with it.

We really need more information to help here.
0
 

Author Comment

by:krella
ID: 34997764
Thanks for getting back to me, Jeremy. The end result is a user downloading content (pdf probably) from server B.

If server A serves the URL, http://serverb/page.jsp?id=2dt2d0d423grddp92f4t, how do we configure the web site on server B that this URL points to? Also, the jsessionID is most likely needed to ensure the user gets only the content that he or she has access to.

Also, these servers are in separate locations and do not share a common domain or realm. So, how can server B match the jsessionID produced by serverA, to ensure authorization? They will not have access to a common database. Does this help?

0
 
LVL 9

Accepted Solution

by:
jeremycrussell earned 500 total points
ID: 34998080
Ok, well, do accomplish this, you would have to have some type of Access Management (You can build your own, or look at software packages targeted at doing this. http://java.net/projects/opensso/), or go about it a different way.  

Server A could simply redirect to server B, where server B does the authentication and content control.  However, I imagine that you are authenticating on server A, and serving content from server B for a good reason?  You could create the URL on server A to redirect to a authentication page on server B that would authenticate then server the content based on a paremeter in the URL, you would just have to create that app on server B to do so. (ie http://serverb/auth.jsp?id=nameoffile.pdf), the user would enter the credentials, and the page would stream back the file named in the parameter "id".

Another way would to have server B query back to server A to make sure the session is valid (This would be a form of Access Management)

Or, server A would create a URL to the accessible content on server B, so you would authenticate to server A, and it would check some mechanism to make sure that user has access to the content, then configure a URL to the content on server B (http://serverb/content.jsp?id=nameofpdf.pdf)

I will add that, unless you have the pdfs on server b stored in some access controllable environment (Like a DB, or file system not in DocumentRoot, but accessed by a webapp and streamed) and just sitting somewhere in your webserver's DocumentRoot then they are really not secure and can be accessed by anyone, and we'll eventually get crawled by search engines if the site is on the public internet.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question