Security Constraints to allow Links only

 
Stevie Shorey
Ranch Hand
Posts: 45
Hey,

I have used <auth-constraint/> in my security constraint to block direct access to servlets in my site.
But to my horror, I cannot even link to them or use them with doPost() etc.

My understanding was that <auth-constraint/> blocked direct access only. How do I circumvent this?

To rehash, I don't want the user to enter a direct URL (except for the website's home page). The only way the user can access different parts of the website is by clicking through links.

Thanks,
 
Amit Ghorpade
Bartender
Posts: 2854
So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.
 
Stevie Shorey
Ranch Hand
Posts: 45
Amit Ghorpade wrote: So if the task is to have a particular access pattern for the application, you can put in filters and check for referer URL.


Does setting up a filter take much effort?
The scope of security for this site is very limited as it is just a project website.
 
Amit Ghorpade
Bartender
Posts: 2854
Stevie Shorey wrote: Does setting up a filter take much effort?

Not at all, I am not saying it is dead easy but it is certainly not a biggie.
It is just like any other servlet code with its own special capabilities.
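
The filter approach suggested in the replies above, as an added example that is not part of the original thread: a servlet filter that lets the home page through and otherwise requires a Referer header pointing at the same host and port. The class name LinkOnlyFilter, the home-page path /index.jsp and the use of the javax.servlet (Servlet 3.0+) API are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): allow the home page, otherwise require a same-site Referer.
@WebFilter(urlPatterns = "/*")
public class LinkOnlyFilter implements Filter {

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Path relative to the web application, e.g. "/", "/index.jsp", "/orders"
        String path = req.getRequestURI().substring(req.getContextPath().length());
        // Assumed entry points; adjust to the site's real welcome file.
        boolean isHome = path.isEmpty() || path.equals("/") || path.equals("/index.jsp");

        if (isHome || cameFromThisSite(req)) {
            chain.doFilter(request, response);
        } else {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Please start from the home page");
        }
    }

    // True only when the Referer parses as a URL on the same host and port as this request.
    private static boolean cameFromThisSite(HttpServletRequest req) {
        String referer = req.getHeader("Referer");
        if (referer == null) return false;          // typed URL, bookmark, or header stripped
        try {
            URI uri = new URI(referer);
            int port = uri.getPort() != -1 ? uri.getPort()
                     : "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
            return req.getServerName().equalsIgnoreCase(uri.getHost())
                && req.getServerPort() == port;
        } catch (URISyntaxException e) {
            return false;                           // malformed header is treated as absent
        }
    }
}
```

The Referer header is supplied by the client, so this shapes navigation for ordinary browsers and is not access control; resources that need real protection still belong behind an <auth-constraint> that names roles. An empty <auth-constraint/> denies every client request to the matched URLs, whether it arrives by link, form post or typed address, which is the behaviour described in the first post.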
 