Security Constraints to allow Links only

Stevie Shorey
Ranch Hand

Joined: Dec 10, 2012
Posts: 45

Hey,

I have used <auth-constraint/> in my security constraint to block direct access to servlets in my site.
But to my horror, I cannot even link to them or use them with doPost() etc.

My understanding was that <auth-constraint/> blocked direct access only. How do I circumvent this?

To rehash, I don't want the user to enter a direct URL (except for the website's home page). The only way the user can access different parts of the website is by clicking through links.

Thanks,
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716

So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


Stevie Shorey
Ranch Hand

Joined: Dec 10, 2012
Posts: 45

Amit Ghorpade wrote: So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


Does setting up a filter take much effort?
The scope of security for this site is very limited as it is just a project website.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716

Stevie Shorey wrote: Does setting up a filter take much effort?

Not at all, I am not saying it is dead easy but it is certainly not a biggie.
It is just like any other servlet code with its own special capabilities.
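
A sketch of the filter approach suggested in the thread, added here as an example and not code posted by either participant. The class name `LinkOnlyFilter` and the `DIRECT_OK` entry paths are assumptions; it uses the `javax.servlet` API and would be mapped to `/*` in web.xml.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name; map it to /* in web.xml or with @WebFilter.
public class LinkOnlyFilter implements Filter {

    // Assumed entry points that may be typed directly into the address bar.
    private static final String[] DIRECT_OK = { "/", "/index.jsp" };

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Path relative to the web application's context root.
        String path = req.getRequestURI().substring(req.getContextPath().length());

        if (isDirectEntry(path) || sameSiteReferer(req)) {
            chain.doFilter(rq, rs);
        } else {
            // Typed URL, bookmark, or link from another site: back to the home page.
            res.sendRedirect(req.getContextPath() + "/");
        }
    }

    private static boolean isDirectEntry(String path) {
        for (String p : DIRECT_OK) if (p.equals(path)) return true;
        return false;
    }

    // True only when a Referer is present, parses, and names this server's host.
    static boolean sameSiteReferer(HttpServletRequest req) {
        String ref = req.getHeader("Referer");
        if (ref == null) return false;
        try {
            String host = new URI(ref).getHost();
            return host != null && host.equalsIgnoreCase(req.getServerName());
        } catch (URISyntaxException e) {
            return false;  // a malformed header is treated as absent
        }
    }
}
```

The Referer header is supplied by the client and some browsers or proxies omit it, so this steers navigation rather than enforcing access. An empty `<auth-constraint/>` denies every request to the matched URL pattern, links and form posts included, which is why it cannot express "links only".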
 