1 of 1 people found this helpful
Not sure at the mid-tier level, but can this be done at a firewall/proxy level? Or at the web server level? (URL restriction)
Yes, that may be an option.
It would be helpful if someone had done this before, to verify that we allow access to those URLs that are needed, and that there is no way of specifying a URL that circumvents the filter.
Best Regards - Misi, RRR AB, http://rrr.se
2 of 2 people found this helpful
We did exactly the same mid-tier limitation that you described in your question.
Our solution is a "patch" to the existing mid-tier web application.
There are two servlet filters, which preprocess some of the requests.
- UserCheckerFilter - this checks user permission during login
- URLCheckerFilter - it is responsible for allowing just the necessary forms.
The filters are mapped to the URLs below.
The UserCheckerFilter filter allows just low-permission users to log into the mid-tier.
We just catch the user's login name with UserCheckerFilter (username request parameter from servlet request).
The permission is queried with a very low permission read-only user in our module, which runs a query against the form which stores user information.
If the user has low privilege, we allow the processing chain forward, in other cases we throw an error page.
If the user is allowed, we limit him/her just to reach some of the forms with URLCheckerFilter.
This filter is configured with a config file, which contains regexps for mid-tier URLs.
If there is a link from the current mid-tier forms, or he knows the system and tries to manipulate direct-access URLs, we drop these calls.
Szabolcs Eory - IQSYS Ltd.
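An added example of a regex-allowlist servlet filter of the kind described in the post above, written to address the circumvention concern raised earlier in the thread; it is not the poster's code and not part of the mid-tier. The class name, the `allowlistFile` init parameter, the one-regex-per-line file format and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: class name, init parameter and file format are assumptions.
public class UrlAllowlistFilter implements Filter {
    private final List<Pattern> allowed = new ArrayList<>();
    // Non-canonical path markers; rejected outright instead of decoded.
    private static final String[] SUSPECT = {"%", ";", "\\", "//", "/./", "/../"};

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // Config file: one regex per line; blank lines and '#' comments are skipped.
        try {
            for (String line : Files.readAllLines(
                    Paths.get(cfg.getInitParameter("allowlistFile")), StandardCharsets.UTF_8)) {
                line = line.trim();
                if (!line.isEmpty() && !line.startsWith("#")) allowed.add(Pattern.compile(line));
            }
        } catch (IOException | RuntimeException e) {
            throw new ServletException("cannot load URL allowlist", e); // fail closed
        }
    }

    static boolean isAllowed(String path, List<Pattern> patterns) {
        if (path == null || path.endsWith("/.") || path.endsWith("/..")) return false;
        for (String s : SUSPECT) if (path.contains(s)) return false;
        // matches() requires the whole path to match, so an unanchored pattern
        // cannot be satisfied by a substring.
        for (Pattern p : patterns) if (p.matcher(path).matches()) return true;
        return false; // default deny
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRequestURI() is the raw, undecoded path without the query string.
        if (isAllowed(((HttpServletRequest) req).getRequestURI(), allowed)) chain.doFilter(req, res);
        else ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    @Override public void destroy() { }
}
```

Query parameters are not covered by this check; if the permitted forms are selected through parameters, those need their own allowlist of names and values. Rejecting `%` and `;` outright is a strict choice that also blocks legitimately encoded form names, which would then need canonical decoding before matching.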
Hi Szabolcs Eory,
We are looking for a similar URLCheckerFilter as mentioned in your post.
Please let me know if this is something that is available and if we can leverage it for use.
- Deepak Pathak