Make information pages visible to Admin users only

Dean Jackson shared this idea 7 months ago
Completed

At this time, the public facing pages like info.jsp do not have any authentication checks on them, so they are either visible publicly, or not at all.

I would like the ability to switch these pages from public to private so that an authenticated admin user could view those pages, but no one else could.

Comments (4)

photo
1

Hi Dean,

Thanks for reaching out with your suggestion. I've logged this as an Idea for an Enhancement Request. Before becoming a request, ideas will be reviewed by our Product Team and chosen for Enhancements based on feasibility, level of positive impact to the user experience, and votes from the community. This post will be updated with any future information relevant to this process.


Cheers,

Neal

photo
1

Hi Dean,

Just wanted to update you on this to say that there is an ability to allow access to those pages for authenticated users (but not restricted to Admin users) via the web.xml, which unfortunately had been previously undocumented. I have updated this article to include the required details, but the code you need to add to the bottom of your web.xml (prior to the </web-app> tag) is as follows:

  <filter>
    <filter-name>NotLoggedInFilter</filter-name>
    <filter-class>com.hof.adapter.NotLoggedInFilter</filter-class>
    <init-param> 
        <param-name>restrictedEntryPoint</param-name> 
        <param-value>/info.jsp,/info_threads.jsp,/info_cache.jsp,/info_browser.jsp</param-value> 
    </init-param> 
    <init-param> 
          <param-name>redirectUrl</param-name> 
          <param-value>/?</param-value> 
    </init-param> 
  </filter>
  <filter-mapping>
    <filter-name>NotLoggedInFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

Please let me know if this will give you the control you need for this.

Cheers,

Neal

photo
1

Thanks Neal,  

That's more secure than anonymous access for sure.  

I'm thinking we'll go with an approach like this:

  • no-one can view normally
  • when needed for debugging, admin will add the rules you gave here, temporarily
  • if admin is solving a problem stopping them from logging in, remove all restrictions, temporarily.  They should restrict user network/internet access to the server during this time.

Cheers,

Dean

Dean Jackson Founder and CTO

T 1300 721 113
M +61 414 828 311
@ dean.jackson@azility.co

www.azility.co

azility

From: Yellowfin Support <support@yellowfin.bi>

Sent: Friday, 21 May 2021 2:27 PM

To: Dean Jackson <dean.jackson@azility.co>

Subject: New Comment in "Make information pages visible to Admin users only"

photo
1

Hi Dean,

No worries, I think that is a good strategy. With this in mind, I will be closing this off, but if you have any further questions please do reach out to us.

Cheers,

Neal