Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2 web servers: 1 creates a dynamic URL that a user clicks on and is redirected to the 2nd server where content is downloaded

Posted on 2011-02-27
3
Medium Priority
?
362 Views
Last Modified: 2013-11-05
Hello, I am new to Apache and have this scenario: Server A creates a dynamic URL that is not easily predictable with a jsessionID. When a user clinks on this link, he or she is redirected to server B where content is viewed. My question is this: how do I configure server B so the dynamic URL is accepted, with its corresponding jsessionID, and correct directory can be accessed by the user with the appropriate content? I imagine a rediect must be used. What must be done on server B's web server to match the dynamic URL with the correct directory? Are jsessionID's the correct control to use or should something else be implemented?
0
Comment
Question by:krella
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Expert Comment

by:jeremycrussell
ID: 34997498
So, what I hear is that server A creates a URL pointed at sever B that has a parameter set to the value of the session id created for that session on server A.

Something like http://serverb/page.jsp?id=2dt2d0d423grddp92f4t

Not knowing what end result you are wanting its really hard to say.  However, if server A also insert the session id into a DB table, then server B could match the parameter value against that table to do something with it.

We really need more information to help here.
0
 

Author Comment

by:krella
ID: 34997764
Thanks for getting back to me, Jeremy. The end result is a user downloading content (pdf probably) from server B.

If server A serves the URL, http://serverb/page.jsp?id=2dt2d0d423grddp92f4t, how do we configure the web site on server B that this URL points to? Also, the jsessionID is most likely needed to ensure the user gets only the content that he or she has access to.

Also, these servers are in separate locations and do not share a common domain or realm. So, how can server B match the jsessionID produced by serverA, to ensure authorization? They will not have access to a common database. Does this help?

0
 
LVL 9

Accepted Solution

by:
jeremycrussell earned 2000 total points
ID: 34998080
Ok, well, do accomplish this, you would have to have some type of Access Management (You can build your own, or look at software packages targeted at doing this. http://java.net/projects/opensso/), or go about it a different way.  

Server A could simply redirect to server B, where server B does the authentication and content control.  However, I imagine that you are authenticating on server A, and serving content from server B for a good reason?  You could create the URL on server A to redirect to a authentication page on server B that would authenticate then server the content based on a paremeter in the URL, you would just have to create that app on server B to do so. (ie http://serverb/auth.jsp?id=nameoffile.pdf), the user would enter the credentials, and the page would stream back the file named in the parameter "id".

Another way would to have server B query back to server A to make sure the session is valid (This would be a form of Access Management)

Or, server A would create a URL to the accessible content on server B, so you would authenticate to server A, and it would check some mechanism to make sure that user has access to the content, then configure a URL to the content on server B (http://serverb/content.jsp?id=nameofpdf.pdf)

I will add that, unless you have the pdfs on server b stored in some access controllable environment (Like a DB, or file system not in DocumentRoot, but accessed by a webapp and streamed) and just sitting somewhere in your webserver's DocumentRoot then they are really not secure and can be accessed by anyone, and we'll eventually get crawled by search engines if the site is on the public internet.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question