How to remove access to information pages. List of Yellowfin information pages.

If you want to remove access to all information pages, irrespective of if a user is logged in or not, add the following code to the Yellowfin/appserver/webapps/ROOT/WEB-INF/web.xml file, just before the closing tag:

  <security-constraint>
<web-resource-collection>
<web-resource-name>server-info</web-resource-name>
<url-pattern>/info.jsp</url-pattern>
<url-pattern>/info_browser.jsp</url-pattern>
<url-pattern>/info_cache.jsp</url-pattern>
<url-pattern>/info_threads.jsp</url-pattern>
</web-resource-collection>
  <auth-constraint>
<role-name>denyaccess</role-name>
  </auth-constraint>
  </security-constraint>

If you still want your authenticated users to be able to view these pages, please use the following code instead:

  <filter>
    <filter-name>NotLoggedInFilter</filter-name>
    <filter-class>com.hof.adapter.NotLoggedInFilter</filter-class>
    <init-param> 
        <param-name>restrictedEntryPoint</param-name> 
        <param-value>/info.jsp,/info_threads.jsp,/info_cache.jsp,/info_browser.jsp</param-value> 
    </init-param> 
    <init-param> 
          <param-name>redirectUrl</param-name> 
          <param-value>/?</param-value> 
    </init-param> 
  </filter>
  <filter-mapping>
    <filter-name>NotLoggedInFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

Either one of these change will require a restart of Yellowfin to take effect.

The list of YF "information" pages that are available to users without authenticating are:

info.jsp
info_browser.jsp
info_cache.jsp
info_threads.jsp

Please note: The contents of info.jsp is available to authenticated admin users through the admin console via the System Information link. The other info pages do not have any corresponding pages within the application.

Is article helpful?