wood burning stoves 2.0*
The moose likes Servlets and the fly likes Security Constraints to allow Links only Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security Constraints to allow Links only" Watch "Security Constraints to allow Links only" New topic
Author

Security Constraints to allow Links only

Stevie Shorey
Ranch Hand

Joined: Dec 10, 2012
Posts: 45

Hey,

I have used <auth-constraint/> in my security constraint to block direct access to servlets in my site.
But to my horror, i cannot even link to them or use them with doPost() etc.

My understanding was that <auth-constraint/> blocked direct access only. How do i circumvent this?

To rehash, i dont want user to enter direct URL (except for the website's home page). The only way the user can access different parts of the website is clicking through links.

Thanks,
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    
    6

So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


SCJP, SCWCD.
|Asking Good Questions|
Stevie Shorey
Ranch Hand

Joined: Dec 10, 2012
Posts: 45

Amit Ghorpade wrote:So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


Does setting up a filter take much effort?
The scope of security for this site is very limited as it is just a project website.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    
    6

Stevie Shorey wrote:Does setting up a filter take much effort?

Not at all, I am not saying it is dead easy but it is certainly not a biggie.
It is just like any other servlet code with its own special capabilities.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Security Constraints to allow Links only