• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to prevent from directly loading javascript file from browser URL?

 
Jack Tian
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Because existing application did not have JAAS set up and it uses comtomized authantication and authorization.
I give up to use role-name and URL mapping to configure the permission in web.xml file.
Instead I try to set up one filter or servlet to authanticate the URL for javascript file loading.
If user account is in the http session, then javascript file can be loaded. Otherwise, send the error.
in web.xml, I add
<servlet-mapping>
<servlet-name>AccessCheckServlet</servlet-name>
<url-pattern>/scripts/*</url-pattern>
</servlet-mapping>

in the servlet doGet method, I wrote:
HttpSession session = request.getSession();
User user = (User) session.getAttribute(USER_KEY);
if(user == null){response.setStatus(400);}
else{
super.doGet(request, response); // problem code, I tried some other way}

no matter how I try, the javascript can not load to browser properly after login
if the jsp file head has javascript included.

Can someone help me out how to use servlet to load javascript file?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A JavaScript file can be streamed to a client just like any other file.
 
Jack Tian
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where can I find the source code for streaming the js file?
Is there a way, servlet only checks the authentication, leave the loading file to web server?
Cause originally, web server does the js file loading.
 
Rajkishore Pujari
Ranch Hand
Posts: 46
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
try doing authentication in the filter instead.
 
Jack Tian
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Filter works. I made a mistake and thought filter has to combine with a servlet.
Thanks.
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic