Home.... | log in.... | Pub my question! | Sign-up....

Java-index >> Enterprise & Remote Computing >> Web Tier APIs

preventing access to xhtml

We have an application that using JSF and xhtml. I'm relatively new and I've been tasked to come up with a way to prevent users from seeing the xhtml.

Under normal circumstances the xhtml files are translated into html files. The user can look at a page like:

http://localhost:8080/company/organizations.html

and it is returned and displayed just fine. However, when a user enters a URL directly, instead of using the application, and they enter the name with the xhtml extension:

http://localhost:8080/guardian/organizations.xhtml

they get back the xml. Is there some way to prevent the user from doing this? Is there a way to take that URL and turn it into:

http://localhost:8080/guardian/organizations.html

instead?

Any suggestions are appreciated. I can't seem to find anything online. I've tried playing in the faces-config.xml to create a navigation-rule, but that didn't work.

thanks,

Nate

[969 byte] By [smokeJaga] at [2007-10-3 1:14:47]

«« increment date
»» Gold auto generation

# 1

Don't know the best way, but how about putting a security constraint (web.xml) in for *.xhtml URLs?

daniel.rhoadesa at 2007-7-14 18:11:53 >

top of Java-index,Enterprise & Remote Computing,Web Tier APIs...

# 2

I don't know a whole lot about the web.xml, other than the fact that it defines modules. We have a web.xml, and here's a snippet out of it:

<filter-mapping>

<filter-name>securityFilter</filter-name>

<url-pattern>*.xhtml</url-pattern>

</filter-mapping>

That doesn't seem to do anything. Do you have an example of what you are talking about?

thanks,

Nate

smokeJaga at 2007-7-14 18:11:53 >

# 3

Like a normal security constraint:

<security-role>

<role-name>admin</role-name>

</security-role>

<login-config>

<auth-method>BASIC</auth-method>

</login-config>

<web-resource-collection>

<web-resource-name>System Admin</web-resource-name>

<url-pattern>*.xhtml</url-pattern>

</web-resource-collection>

<security-constraint>

<auth-constraint>

<role-name>admin</role-name>

</auth-constraint>

</security-constraint>

For J2EE 1.4 see http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html (chapter 32) for info on configuring resource constraints.

daniel.rhoadesa at 2007-7-14 18:11:53 >

# 4

Thanks Daniel !I appreciate your helping me out!Nate

smokeJaga at 2007-7-14 18:11:53 >

# 5

No problem, did it work ok?

daniel.rhoadesa at 2007-7-14 18:11:53 >

# 6

Works Great! Thanks again Dnaiel,Nate

smokeJaga at 2007-7-14 18:11:53 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

preventing access to xhtml

Enterprise & Remote Computing New Topic

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified