Christopher Schultz-2 wrote:
Is it possible to hide an url pattern on the outside, but have it
available when accessing from the server machine?
There are ways to do this, but the best way depends on what you want to
actually happen when someone requests a URL from /admin. So, let me
espinchi wrote:
Christopher Schultz-2 wrote:
Is it possible to hide an url pattern on the outside, but have it
available when accessing from the server machine?
There are ways to do this, but the best way depends on what you want to
actually happen when someone requests a URL from /admin.
That's cool, but a little overkill for some use cases.
For instance, in a portlet-based portal application, you might have
individual portlets registered to the patterns
/PortletInvoker/MyPortletName. We need the portal to access them, but a
user shouldn't be able to access a portlet directly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
espinchi,
espinchi wrote:
That's cool, but a little overkill for some use cases.
Like what? Just because a tool can do way more than you need it to do
doesn't mean it's less useful for the task at hand.
For instance, in a portlet-based portal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
einojah,
einojah wrote:
I have an admin area in my application I want to secure.
I know I can define a security constraint to set a basic or digest
authentication for a url pattern.
But, I don't want the /admin area to be shown outside at
Hello,
I have an admin area in my application I want to secure.
I know I can define a security constraint to set a basic or digest
authentication for a url pattern.
But, I don't want the /admin area to be shown outside at all. The basic
authentication is extremely weak and digest auth. also
Can't you just block the port ? That's what I do on my machine : the port
8080 is unavailable from the outside, just from localhost. So my manager
webapp is almost flawlessly protected. I only redirect those apps that I
need to port 80 using apache / mod_jk.
HTH,
Pierre
On Wed, Nov 5, 2008 at
