• Post Reply Bookmark Topic Watch Topic
  • New Topic

Blocking direct access to xhtmls  RSS feed

 
Kevin P Smith
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys, just wondering if someone could help with this (what should be) simple security fix.

I have just started looking at building a JSF based webapp and am using the recommended XHTML method for the pages. I want to block users' direct access to the xtml files.

I have used this which I thought would work, but I can still access an XHTML directly.

 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, I think it's "with no roles defined, all access granted, but I'd have to RTFM.

You could probably block direct access by coding a servlet that displays a "404" or error page and map "*.xhtml" URLs to go there. The JSF resource fetcher doesn't (as far as I know) care about xhtml URLS, since it's fetching the files directly.
 
Kevin P Smith
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorted

I just rebuilt the WAR/EAr file and redeplyed fromscratch, also I think my web.xml elements were not in the correct order.

Now pops up a login dialog and a 401 error is you click cancel
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!