How to ensure access to a custom JSP is authenticated?
Answered
I've a custom JSP that I added under appserver/webapps/ROOT/ . I want to ensure users accessing this JSP must be authenticated to Yellowfin. What is the best way to accomplish this?
I can imagine including and accessing SessionBean in my JSP to (hopefully) force an active user session to be present. Wondering if there are better ways.
The same question
Hi Jijoe,
another way to approach this is that you can remove access to these pages to unauthenticated users. This can be accomplished by adding the following excerpt to the Yellowfin/appserver/webapps/ROOT/WEB-INF/web.xml file, just before the closing </web-app> tag :
<security-constraint>
<web-resource-collection>
<web-resource-name>server-info</web-resource-name>
<url-pattern>/info.jsp</url-pattern>
<url-pattern>/info_browser.jsp</url-pattern>
<url-pattern>/info_cache.jsp</url-pattern>
<url-pattern>/info_threads.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>denyaccess</role-name>
</auth-constraint>
</security-constraint>
I hope that helps, please let us know how you get on with it.
regards,
David
Hi Jijoe,
another way to approach this is that you can remove access to these pages to unauthenticated users. This can be accomplished by adding the following excerpt to the Yellowfin/appserver/webapps/ROOT/WEB-INF/web.xml file, just before the closing </web-app> tag :
<security-constraint>
<web-resource-collection>
<web-resource-name>server-info</web-resource-name>
<url-pattern>/info.jsp</url-pattern>
<url-pattern>/info_browser.jsp</url-pattern>
<url-pattern>/info_cache.jsp</url-pattern>
<url-pattern>/info_threads.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>denyaccess</role-name>
</auth-constraint>
</security-constraint>
I hope that helps, please let us know how you get on with it.
regards,
David
Replies have been locked on this page!