cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

J2EE 6.40 Directory Listing and Security

Former Member

on ‎12-14-2005 11:02 AM

0 Kudos

On our J2EE 6.40 server, we have setup an HTTP Alias and assigned a path to it.

I have a requirement to :

Protect the Alias so that when you try and access it you have to enter a valid user from the UME used by the J2EE Engine.

I'm not able to find any documentation on how to acheive this.

Regards

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎12-14-2005 3:36 PM
0 Kudos

Hi, thanks for the reply.

I don't have an application that I want to deploy in the alias.

My requirement is to allow directory listing, but only to those users that I specify from the UME.

Show replies
Show replies
Former Member
‎12-16-2005 4:29 PM
0 Kudos

Hi Minesh,

>> My requirement is to allow directory listing, but only >> to those users that I specify from the UME.

Yep, I got your requirements correctly, but unfortunatelly this is not possible. Directory listing is just a boolean flag - it is either allowed or not allowed for any user, and there is no way to configure any checks against UME.

However, as I stated in my previous message, you can workaround this by packaging your directories and static files as a J2EE web application (WAR) and use the web.xml descriptor to configure access rules to them. This way you'll be able to fulfill your requirements. Refer to the manuals for more info on packaging and deploying the web application on the Web AS Java, or ask back here if you need further assistance.

Regards,

Ivo

Former Member
‎12-14-2005 3:31 PM
0 Kudos

Hi Minesh,

as far as I know, there is no out-of-the-box mechanism to protect an HTTP alias that points to some static resources on the file system. You can only enable/disable directory listing (configured with the Directory List checkbox of the HTTP Provider Service on the J2EE Engine.)

An option I could think of is packaging your web resources in a J2EE web application (WAR) and then wrap it in an EAR and deploy it on the J2EE Engine. In the web.xml of you web application you can use the web resource collection tags to define authorization constraints to your resources. The latter is described in the following <a href="http://help.sap.com/saphelp_nw04/helpdata/en/51/85ae7753a131498e5c05ac51f3531b/frameset.htm">page</a> (it assumes you're using the SAP NetWeaver Developer Studio as your development environment)

Show replies
Show replies
Ask a Question