java - Best way to protect url so that only defined party can interact each other -


I need to upgrade the jsp / struts application.

We currently only have 1 web site (branch) and now I need to upgrade and build another web site that represents headquarters. Headquarter and branches can see 4 branches in Headquarters Headquarters page, separate domains. To use headquarter and branches we need to enter if the headquarters want to see the details in branch A, then we can click on the link like

  total attack:  

My question is how to protect the URL so that communication can be secured by the headquarters and branch_a server only? If we use that URL from any other IP then it should display unauthorized messages.

I did the IP in the branch using the request.getRemoteAddr () but it is not secure enough.

We need to login

So you have a login system. As you are already asking this question, it seems like a home login system, otherwise you can configure container-managed authentication to check some URL-pattern for any logged-in user / roles. .

You need to check the logged-in user by default, whenever specific url-pattern is requested. A filter is perfectly suitable for this. Let's assume that your home system system keeps the logged-in user in session session, then the filter needs to test its presence:

  if (((httppsorlet request)) .getSession () .getAttribute ("user")! = Null) {chain.doFilter (request, response); // user exists just continue requesting} other {(HTTPSvote Response) response). Anderr (HTPSWritingS.SC_Anatrophic); // Error 401.}  

Select this filter to match the requests at a web.xml on a url-pattern log- You can also go one step further by adding a user role to filter on these users and if the logged-in user has the correct role of visiting the user's URL.


Comments

Popular posts from this blog

php - multilevel menu with multilevel array -

c# - TypeConverter in propertygrid only converts from string, not to -

jQuery UI: Datepicker month format -