This could be addressed using a method similar
to the "deblink" example in Jason Hunter's O'Reilly book "Java
Servlet Programming".
The gist is this: create a servlet, mapped to the root
directory, that fetches and returns each HTML page requested. By passing
all requests through this servlet, you can enforce your security
constraints. I don't recall if the book example dealt with images, or if
they would necessarily have to be treated separately...
Lance
Hello there,
I'm missing something and I'd like you guys to
answer me the following question:
I know how to write a login servlet that
authenticates users and, on successful login, this very servlet redirects to
"other servlets". Of course, when an "evil" user
manually points his browser to the "other servlets"
without passing through the login servlet, the "other
servlets" redirect the user to the login user. This is
understood and I have no problem. My situation is somehow different: I
have a customer with a running HTTP server. His site is 100% static
pages based. He wants to add a membership feature to his site. My first
thought was to create a login servlet, which on successful login would
redirect to his HTML files. On second thought, this is
completely illegal, since an "evil" user could point
his browser directly to the static HTML files. I think the
solution would be easy if I could force his HTTP server on
each file access to pass this request through a servlet (for
example a fileaccess?URL=<file URL>). Is this possible? If
it's possible, and since the customer uses Apache, is Apache's
rewrite module capable of doing that? If so, an example would greatly
help me.
Best Regards
Filippos Slavik
################################################################
Filippos Slavik Part of the SIAMS's implementation
development team. For more information, please check http://www.siams.net
e-mail : [EMAIL PROTECTED]
################################################################
"The
software said 'runs on Win95 or better,' so I installed it on
Linux..."
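The gate servlet described in the reply at the top of this thread, as an added example that is not from the book or from either poster. It assumes a `/` mapping in web.xml, a login servlet at `/login` that stores a `user` session attribute, and the static files moved to `/srv/members-html` outside the Apache document root; all of these names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, names hypothetical. Newer containers use jakarta.servlet instead of javax.servlet.
public class StaticGateServlet extends HttpServlet {
    // Assumption: the pages live outside any directory Apache or the container
    // serves directly, so this servlet is the only way to reach them.
    private static final Path ROOT = Paths.get("/srv/members-html");
    private static final String LOGIN_URL = "/login";  // hypothetical login servlet
    private static final String USER_ATTR = "user";    // set by the login servlet on success

    // Map a request path to a regular file under root; null if it escapes root or does not exist.
    static Path resolve(Path root, String requestPath) throws IOException {
        if (requestPath == null || requestPath.indexOf('\0') >= 0) return null;
        Path candidate = root.resolve(requestPath.replaceFirst("^/+", "")).normalize();
        if (!candidate.startsWith(root) || !Files.isRegularFile(candidate)) return null;
        // toRealPath() follows symlinks, so a link pointing outside root is rejected too.
        Path real = candidate.toRealPath();
        return real.startsWith(root.toRealPath()) ? real : null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);   // do not create a session for anonymous hits
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            resp.sendRedirect(req.getContextPath() + LOGIN_URL);
            return;
        }
        // With a "/" mapping the requested path is in getServletPath(); getPathInfo() is null.
        Path file = resolve(ROOT, req.getServletPath());
        if (file == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String type = getServletContext().getMimeType(file.getFileName().toString());
        resp.setContentType(type != null ? type : "application/octet-stream");
        resp.setHeader("Cache-Control", "private, no-store");  // keep member pages out of shared caches
        Files.copy(file, resp.getOutputStream());              // bytes are copied as-is, so images work too
    }
}
```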