java - Best way to protect url so that only defined party can interact each other -

-

I need to upgrade the jsp / struts application.

We currently only have 1 web site (branch) and now I need to upgrade and build another web site that represents headquarters. Headquarter and branches can see 4 branches in Headquarters Headquarters page, separate domains. To use headquarter and branches we need to enter if the headquarters want to see the details in branch A, then we can click on the link like 

  total attack:

My question is how to protect the URL so that communication can be secured by the headquarters and branch_a server only? If we use that URL from any other IP then it should display unauthorized messages.

I did the IP in the branch using the request.getRemoteAddr () but it is not secure enough.

We need to login

So you have a login system. As you are already asking this question, it seems like a home login system, otherwise you can configure container-managed authentication to check some URL-pattern for any logged-in user / roles. .

You need to check the logged-in user by default, whenever specific url-pattern is requested. A filter is perfectly suitable for this. Let's assume that your home system system keeps the logged-in user in session session, then the filter needs to test its presence: 

  if (((httppsorlet request)) .getSession () .getAttribute ("user")! = Null) {chain.doFilter (request, response); // user exists just continue requesting} other {(HTTPSvote Response) response). Anderr (HTPSWritingS.SC_Anatrophic); // Error 401.}

Select this filter to match the requests at a web.xml on a url-pattern log- You can also go one step further by adding a user role to filter on these users and if the logged-in user has the correct role of visiting the user's URL.


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more