I have a JSP/Struts application that needs to be upgraded.
Currently we only have one web system (branch), and now I need to upgrade it and build another web system that represents HQ. HQ and the branches are on different domains. HQ can see 4 branches on the HQ page. We need to log in to access HQ and the branches. If HQ wants to see the details in branch A, we can click on a link such as
Total attack : <a href="https://www.branch_A.com/xxx/sss/?sss=333">105</a>
My question is how to protect the URL so that the communication can only take place between HQ and the branch_A.com server securely. If that URL is used from another IP, it should display an unauthorized message.
I have controlled the IP using request.getRemoteAddr() in the branch, but it is not secure enough.
Can anyone help me with ideas on how to protect this URL?
So you already have a login system. As you’re already asking this question, it sounds like a homegrown login system, otherwise you could just have configured the container managed authentication to check certain url-patterns for any logged-in users/roles.
You basically just need to check the logged-in user whenever specific url-patterns are being requested. A Filter is perfectly suitable for this. Let’s assume that your homegrown login system puts the logged-in user in the session scope; the Filter then just needs to test its presence:
Map this Filter in `web.xml` on a `url-pattern` matching the requests you’d like to be filtered on the logged-in user. You can even go a step further by adding a user role and checking whether the logged-in user has the right role to visit the URL.
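The Filter described in the answer above, written out as an added example (not code from the original post or from any project it mentions). It assumes a hypothetical homegrown login that stores a `User` object under the session attribute `"user"`, and a hypothetical `requiredRole` init-param; both names are assumptions. The check is tied to the authenticated session rather than to `request.getRemoteAddr()`, so a client IP that merely looks like the HQ server gets no access:

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Rejects any request on the mapped url-patterns unless the session holds a
 * logged-in user, optionally with a required role.
 * Assumption: the login code stores a User under the session attribute "user".
 */
public class LoginFilter implements Filter {

    // Both names are assumptions for this example, not values from the page.
    private static final String USER_ATTRIBUTE = "user";
    private String requiredRole;

    @Override
    public void init(FilterConfig config) {
        // Optional <init-param> in web.xml decides which role may pass this filter.
        requiredRole = config.getInitParameter("requiredRole");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session just to check an anonymous request.
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute(USER_ATTRIBUTE);

        if (user == null) {
            // Not logged in: refuse and stop the chain so the JSP/action never runs.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login required");
            return;
        }
        if (requiredRole != null && !requiredRole.equals(user.getRole())) {
            // Logged in, but lacking the role this url-pattern requires.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Insufficient role");
            return;
        }
        // Authenticated (and authorised): let the request proceed.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}

/** Minimal stand-in for whatever the homegrown login puts in the session (assumed). */
class User {
    private final String name;
    private final String role;

    User(String name, String role) {
        this.name = name;
        this.role = role;
    }

    String getName() { return name; }
    String getRole() { return role; }
}
```

To activate it, declare a `<filter>` for `LoginFilter` in `web.xml` (with an `<init-param>` named `requiredRole` if you want the role check) and a `<filter-mapping>` whose `<url-pattern>` covers the branch detail pages, for example `/xxx/*` for the link shown in the question. Because the decision rests on the server-side session, nothing a caller can put in the URL or spoof in the source address substitutes for having logged in.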