4 Replies Latest reply on Feb 11, 2020 2:51 PM by Deepak Pathak

    Restrict/limit form access on specific Mid-Tier instance?

    Misi Mladoniczky
      Share This:

      Hi,

      The customer has one mid-tier instance in a DMZ that can be accessed from the outside.

      They want to limit access to a few forms, to make sure that a user with higher access privileges can not access data from the outside.

      Is this possible? It may have been a dream, but I think I heard/read something along this line at some point in time...

              Best Regards - Misi, RRR AB, http://rrr.se

        • 1. Re: Restrict/limit form access on specific Mid-Tier instance?
          Matt Laurenceau

          not sure at the mid-tier level, but can this be done at a firewall/proxy level ? or Web Server level ? (URL restriction)

          1 of 1 people found this helpful
          • 2. Re: Restrict/limit form access on specific Mid-Tier instance?
            Misi Mladoniczky

            Hi,

            Yes, that may be an option.

            It would be helpful if someone had done this before, to verify that we allow access to those URLs that is needed, and that there is no way of specifying an URL that circumvents the filter.

                    Best Regards - Misi, RRR AB, http://rrr.se

            • 3. Re: Restrict/limit form access on specific Mid-Tier instance?

              Hello Misi,

               

              We did exactly the same mid-tier limitation what you described in your question.

              Our solution is a "patch" to the existing mid-tier web application.

               

              There is two servlet filter, which preprocess some of the requests.

              • UserCheckerFilter - this checks user permission during login
              • URLCheckerFilter - It is responsible for allowing just the necesary forms.

               

              The filters are mapped to the bellow url's.

              • UserCheckerFilter
                • /servlet/ViewFormServlet
                • /servlet/LoginServlet
              • URLCheckerFilter
                • /forms/*
                • /apps/*
                • /servlet/ViewFormServlet/*

               

              UserCheckerFilter filter allows just low permission user's to log into the mid-tier.
              We just catch the user's login name with UserCheckerFilter (username request parameter from servlet request).
              The permission is queried with a very low permission read-only user in our module, which run's a query against the form which store's user information.
              If the user has low privilege, we allow the processing chain forward, in other cases we throw an error page.

               

              If the user is allowed, we limit him/her just to reach some of the forms with URLCheckerFilter.
              This filter is configured with a config file, which contains regexp to mid-tier URL's.

              If there is a link from the current mid-tier form's, or he knows the system, and tries to manipulate with direct access url's we drop these calls.

               

              That's all!

               

              --

              Szabolcs Eory - IQSYS Ltd.

              2 of 2 people found this helpful
              • 4. Re: Restrict/limit form access on specific Mid-Tier instance?
                Deepak Pathak

                Hi Szabolcs Eory,

                 

                We are looking for a similar URLCheckerFilter as mentioned in your post.

                 

                Please let me know if this is something that is available and if we can leverage it for use.

                 

                Thank you,

                 

                - Deepak Pathak