aspose file tools*
The moose likes Servlets and the fly likes Security Constraints to allow Links only Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security Constraints to allow Links only" Watch "Security Constraints to allow Links only" New topic
Author

Security Constraints to allow Links only

Stevie Shorey
Ranch Hand

Joined: Dec 10, 2012
Posts: 45

Hey,

I have used <auth-constraint/> in my security constraint to block direct access to servlets in my site.
But to my horror, i cannot even link to them or use them with doPost() etc.

My understanding was that <auth-constraint/> blocked direct access only. How do i circumvent this?

To rehash, i dont want user to enter direct URL (except for the website's home page). The only way the user can access different parts of the website is clicking through links.

Thanks,
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2713
    
    5

So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


SCJP, SCWCD.
|Asking Good Questions|
Stevie Shorey
Ranch Hand

Joined: Dec 10, 2012
Posts: 45

Amit Ghorpade wrote:So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


Does setting up a filter take much effort?
The scope of security for this site is very limited as it is just a project website.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2713
    
    5

Stevie Shorey wrote:Does setting up a filter take much effort?

Not at all, I am not saying it is dead easy but it is certainly not a biggie.
It is just like any other servlet code with its own special capabilities.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security Constraints to allow Links only
 
Similar Threads
security-role
Marcus Green Quiz 1 - Mock Exam Question Doubt
Authorisation related
Problem with security constraint
Form based authentication in java server faces.