How to ensure access to a custom JSP is authenticated?

Jijoe Vurghese shared this question 1 year ago
Answered

I've a custom JSP that I added under appserver/webapps/ROOT/ . I want to ensure users accessing this JSP must be authenticated to Yellowfin. What is the best way to accomplish this?

I can imagine including and accessing SessionBean in my JSP to (hopefully) force an active user session to be present. Wondering if there are better ways.

Comments (3)

photo
1

Hi Jijoe,

another way to approach this is that you can remove access to these pages to unauthenticated users. This can be accomplished by adding the following excerpt to the Yellowfin/appserver/webapps/ROOT/WEB-INF/web.xml file, just before the closing </web-app> tag :


<security-constraint>

<web-resource-collection>

<web-resource-name>server-info</web-resource-name>

<url-pattern>/info.jsp</url-pattern>

<url-pattern>/info_browser.jsp</url-pattern>

<url-pattern>/info_cache.jsp</url-pattern>

<url-pattern>/info_threads.jsp</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>denyaccess</role-name>

</auth-constraint>

</security-constraint>


I hope that helps, please let us know how you get on with it.

regards,

David

photo
1

Much better than my solution :) Thanks David!

photo
1

glad to be of service! Although, it is not my solution - I am just the messenger ;-)

photo