Tomcat Security Access Restrictions
2 posts in topic
Flat View  Flat View

Posted By:   Adam_Barnett
Posted On:   Wednesday, August 6, 2003 08:06 AM

I was wondering if there was a way to restrict access to a
web-page based on how the user got to the page ... i.e.
only users who have been redirected from a certain link
(on a different server) have access.

My newbie self could use the help ...

Re: Tomcat Security Access Restrictions

Posted By:   Daniele_Galluccio  
Posted On:   Saturday, August 9, 2003 01:55 PM

You can use a valve for restricting acces to a particular IP,network,domain..

in your contex add something like:

substitute with a convenient ip or domain
hope this helps.

Re: Tomcat Security Access Restrictions

Posted By:   Steve_Leach  
Posted On:   Thursday, August 7, 2003 05:11 AM

You can try testing the value returned by request.getHeader("Referer"). However, you are relying on the client's browser sending this information, and it is not reliable. I am using Mozilla and it doesn't appear to send this header at all. Even if it is sent by the browser, you have no guarantee that it is accurate, and I suspect that different browsers may send the results in slightly different formats anyway.

Another approach (if you have control over the link on the other page) would be to change the link to include a parameter that you can test.

If you have total control over the referring site, you could create a token of some sort on the first site, hold it on the server and then forward to the second site. That could then query the first server directly to see if the token is present.

Not very helpful, I know, but http is really supposed to be "stateless", so each request is unrelated to the previous. Cookies get around this as long as everything is on the same server.

About | Sitemap | Contact