Document security with JSP

Similar Messages

• IP based security with JSP?

  Hi,
  How easy/hard would it be to implement IP based security in a JSP application? I.e. We want to restrict the IP addresses that can access our application.
  Is this something that can be done in the web.xml using the security contraints??
  Or is it much more ocmplex than this?
  (We want to prevent our customer from sharing the application with third-parties, so we can not rely on a firewall based approach)
  Thanks

  Well, for Apache, it's easier. I think for Location to work, you need virtual directories set up. I could be wrong... Or try using Directory intead of Location. I recall Location was for something special... but I forget the details. For Apache/Tomcat, I've usually used aliases to handle directories...
  Alias /ITMS "ITMS_HOME/tools/tomcat/jakarta-tomcat-4.0.3/webapps/ITMS"
  <Directory "ITMS_HOME/tools/tomcat/jakarta-tomcat-4.0.3/webapps/ITMS">
  AllowOverride None
  Options Indexes
  Order allow,deny
  Allow from all
  ExpiresActive On
  ExpiresByType application/octet-stream "access plus 7 days"
  ExpiresByType image/gif "access plus 7 days"
  ExpiresByType image/jpeg "access plus 7 days"
  ExpiresByType text/x-javascript "access plus 0 seconds"
  ExpiresByType text/css "modification plus 7 days"
  ExpiresByType text/html "access plus 0 seconds"
  ExpiresByType text/vnd.wap.wml "access plus 0 seconds"
  ExpiresDefault "now plus 1 month"
  </Directory>
  You can set up deny's from IP or IP range or domain.
  Deny from .domain.com
  Deny from 123.232.123.33
  Deny from 123.232.124.

• Please help; how to write XML document with JSP?

  I try to write XML document with JSP...
  But I got wrong results everytime.
  The result is not XML file displayed in the browser,
  but HTML file.
  I even tried to use HTML special code for <, >, "
  but still display as HTML file not XML file.
  How to do this?
  Thanks in advance. I put my codes below.
  Sincerely,
  Ted.
  ================
  Here is code for the JSP (called stk.jsp):
  <%@ page contentType="text/xml" %>
  <%@ page import="bean.Stock" %>
  <jsp:useBean id="portfolio" class="bean.Portfolio" />
  <% java.util.Iterator pfolio = portfolio.getPortfolio();
  Stock stock = null; %>
  <?xml version="1.0" encoding="UTF-8"?>
  <portfolio>
  <% while (pfolio.hasNext())
  stock = (Stock) pfolio.next(); %>
  <stock>
  <symbol>
  <%=stock.getSymbol() %>
  </symbol>
  <name><%=stock.getName() %> </name>
  <price><%=stock.getPrice() %> </price>
  </stock>
  <% } %>
  </portfolio>
  =================
  Here is the code for bean.Stock:
  package bean;
  public class Stock implements java.io.Serializable
  String symbol, name;
  float price;
  public Stock(String symbol, String name, float price)
  this.symbol = symbol;
  this.name = name;
  this.price = price;
  public String getSymbol()
  return symbol;
  public String getName()
  return name;
  public float getPrice()
  return price;
  ===============
  And here is bean.Portfolio:
  package bean;
  import java.util.Iterator;
  import java.util.Vector;
  public class Portfolio implements java.io.Serializable
  private Vector portfolio = new Vector();
  public Portfolio()
  portfolio.addElement(new Stock("SUNW", "Sun Microsystem", 34.5f));
  portfolio.addElement(new Stock("HWP", "Hewlett Packard", 15.15f));
  portfolio.addElement(new Stock("AMCC", "Applied Micro Circuit Corp.", 101.35f));
  public Iterator getPortfolio()
  return portfolio.iterator();
  }

  Hi
  I'm not sure whta your query is but I tested your code as it is has been pasted and it seems to work fine. There is an XML output that I'm getting.
  Keep me posted.
  Good Luck!
  Eshwar Rao
  Developer Technical Support
  Sun microsystems
  http://www.sun.com/developers/support

• Prelude and coda with JSP documents

  Hello.
  I have problems with adding prelude and coda templates to JSP documents (XML-format JSP).
  This is content of my web.xml:
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
       <display-name>simple</display-name>
       <jsp-config>
            <jsp-property-group>
                 <display-name>simple</display-name>
                 <url-pattern>*.jsp</url-pattern>
                 <el-ignored>false</el-ignored>
                 <scripting-invalid>false</scripting-invalid>
                 <is-xml>true</is-xml>
                 <include-prelude>/prelude.jspx</include-prelude>
                 <include-coda>/coda.jspx</include-coda>
            </jsp-property-group>
       </jsp-config>
  </web-app>This is from prelude.jspx:
  <?xml version="1.0" ?>
  <jsp:root version="2.0" xmlns:jsp="http://java.sun.com/JSP/Page">
       <jsp:directive.page contentType="text/html"/>
       <html xmlns="http://www.w3.org/1999/xhtml">This is coda.jspx:
       </html>
  </jsp:root>And this is simple index.jsp of my web application:
  <head>
       <title>Simple</title>
  </head>
  <body>
       <h2>Simple</h2>
  </body>When running this on Tomcat 5.0.24 for Windows (Windows 2000 SP4) I get following exception on first request
  org.apache.jasper.JasperException: /prelude.jspx(4,45) XML document structures must start and end within the same entity.Anyone have idea why is this happening ? How to include prelude and coda without breaking XML structure ?
  Thanks, Nedim

  The problem with what you are trying to do is that include will inlcude the response and not the original document.
  In other words the jsp engine will try to compile prelude into a servlet, but because your xml document is not valid this would fail. Hence the XML error.
  Do you absolutely need to use the xml syntax? Because jsp page syntax would work in this situation.

• Authentification and Security in WebApp with JSP

  Hello to all.
  I'm developing a Web Applications with JSP's. To use the application a user must first Login.
  To restrict access via URL typing I have included in every JSP page a user_logged_in_check page that verifies that the user is logged in, and if not redirects to the Login page.
  The problem is that I must not forget to include that page in all my JSPs, and if the name of the page changes, it must be changed everywhere (though a search/replace might do the job just fine).
  I used this approach because is not server dependent (such as the Tomcat Realms example I have seen on this forum).
  Is there a better strategy?
  Is there a way to enforce security check and not rely on my attention ;)?
  Is there a pattern that solves the problem?
  Any help would be greatly appreciated.

  The first and biggest disadvantage is the repetitive coding - what happens if you realise that you need to change something - you will need to modify each of your JSP files. The chances of someone forgetting to add it in are a security risk.
  Secondly, using the web server's mechanism, in most cases, would mean that you are using a proven and much more stable security mechanism then you can whip up.
  For example, in Weblogic, you can configure a JAAS provider -- that means you are not limited to using uname/password. Your customer may have an enterprise wide single sign on policy that is supported by the JAAS provider and you can use it straight away - by just making a declarative change in the web*.xml files.
  If you must, use the Filter class (its a Servlet class, I checked after I had posted) as described in the Intercepting Filter pattern - at least thats a standard approach and will cut down on you having to rely on adding a snip of code to each of your JSPs.

• File Open: Asks twice to open document in IE6.0(Weblogic server with JSPs deployed)

            HI,
            This may not be appropriate question on this discussion forum. But in case if
            somebody has answer for this, please let me know:
            Problem:
            I am trying to open some documents in my JSP(JSPs are deployed on Weblogic5.1)
            where a BLOB will be streamed and written to ServletOutputStream. Some piece of
            code which does this, I have pasted below:
            // start attachmentviewer.jsp
            <% BufferedInputStream is = null;
            BufferedOutputStream os = null;
            response.setContentType(mimeType.trim()); // say application/msword for word document
            response.setHeader("Content-Disposition","attachment; filename=\""+attachmentViewBean.getAttachmentName()+
            "\";"); //bean method gets attachment name
            is = new BufferedInputStream(attachmentViewBean.getAttachment().getBinaryStream());
            // gets blob
            os= new BufferedOutputStream(response.getOutputStream());
            byte[] buff = new byte[6500];
            int bytesRead;
            out.clearBuffer();
            while(-1 != (bytesRead = is.read(buff, 0, buff.length)))
            os.write(buff, 0, buff.length);
            %>
            // end attachmentviewer.jsp
            I am closing handles etc. after this.
            This works fine in Netscape6.0 in which
            a dialog box prompts user to open/save
            document once and does correspondigly
            after user action.
            In IE 6.0 first file open dialog comes
            informing its open/saving
            attachmentviewer.jsp. Upon clicking open it
            again opens another dialog box
            informing to open/save for actual file
            name put in response's setHeader method.
            I observed this to happen in IE6.0, but
            works fine in IE5.5 prompting user once.
            If anyone has any idea/suggestions/tips
            about this, please lemme know.
            Thanks,
            Yogesh
            

  i was able to solve it by clearing the output stream (jsp page - out.clear() ) before using it, even resetting the jsp response does the trick..
  thanks,
  prakash.m
  Edited by message2prakash at 02/08/2008 10:35 AM
  Edited by message2prakash at 02/08/2008 10:36 AM

• How can I create a Login-page with jsp???

  Hello,
  I have to create a page with JSP code on the Netweaver Developer Studio.
  But I do not know how I do it.
  Can anyone tell me what to write in the portalapp.xml?
  An example would be very helpful.
  Thank you
  Greetings

  As you can see in the example:
  The portalapp.xml file (deployment descriptor) provides configuration information for your application, and defines the components and services in your application. For each component and service, you specify the implementing Java class and configuration information.
  For more information on the format of the portalapp.xml, see Deployment Descriptor (portalapp.xml).
  <application>
      <application-config>
          <property name="SharingReference" value="com.sap.portal.navigation.service, com.sap.portal.navigation.api_mimeservice, com.sap.portal.navigation.helperservice"/>
          <property name="Vendor" value="MY_COMPANY"/>
          <property name="SecurityArea" value="PERMISSION"/>
      </application-config>
      <components>
          <component name="SimpleNavigationExample">
              <component-config>
                  <property name="ClassName" value="MY_CLASS"/>
                  <property name="SecurityZone" value="no_safety"/>
              </component-config>
              <component-profile/>
          </component>
      </components>
      <services/>
  </application>
  You can only update in this example, your class name and other details:
  <property name="Vendor" value="sap.com"/>
  <property name="SecurityArea" value="MyCompany"/>
  <property name="ClassName" value="LOGINCLASS"/>
  <property name="SecurityZone" value="no_safety"/>
  Modify this portalapp.xml file as follows:
         1.      NAVIGATION SERVICE, so you must add references to the following portal applications that define these services:
          com.sap.portal.navigation.service
          com.sap.portal.navigation.api_mimeservice
          com.sap.portal.navigation.helperservice
         2.      In the <application-config> section, create the following properties that help to define the security zone for all components and services in this application:
  ○     Vendor: String identifying the company or organization that provided the application, for example, sap.com.
  ○     SecurityArea: String identifying the security area for the application, for example, NetWeaver.portal.
         3.      In the <component-config> section for the mySiteMap component, create the property SecurityZone to define the specific security zone for the component.
  For Permission, check this document:
  http://help.sap.com/saphelp_nw04s/helpdata/en/44/489e2df5ee4e35e10000000a1553f6/frameset.htm

• Is there a way to print a pdf, which is secured with password?

  I want to know a way to print pdf which is secured with password to print without throwing a error ?
  Instead it has to ask for a password and print..

  we need to have an associated application installed in the system for that particular fileYup.
  does javax.print api works for pdf files and word documents?Nope.
  There is something called (I think) iText which can handle PDF documents. No idea whether it includes a printing facility or not.
  db

• Document security not matching

  I created a PDF Form in Adobe Acrobat Pro 9, encrypting all document contents with a password.
  When I open the document in Reader XI, Select Go to File Menu->Properties, select the Security Tab, the Document Restrictions Summary at the bottom of the Security tab displays different information than what is displayed when I click "Show Details."  The differences are shown below.  I normally wouldn't care about these differences, but in Reader XI, it allows signing, but in Reader for Android, it is not.

  Hi,
  Document value will be the total of only those line item where the item category has Statistical value as empty in VOV7.
  So check your item categories and their value in this field in VOV7. Total the value of each item where the value is empty. This total should be the total of the document. You will have some items where the item category has got non-empty value here, may be x or y. Because of this these values are not considered for header totals.

• Xml document transfer from JSP app to an ASP app

  Hello,
  The client has an existing Active Server Pages application. In-house we have built another application in JSP. We need to send an xml document that we are generating in Java Server Pages along with session login data to the existing ASP application.
  In turn, the ASP application will use XSLT to render the xml on the web browser.
  The JSP web interface consists of a final results screen which contains a hypertext link that links up to the existing ASP application. When a user clicks the hypertext link, the page gets redirected to the Index.asp.
  Do you have any insight as to how I can transfer that xml document from the JSP application to the ASP application along with the session data?
  Thanks for your time.

  Hello,
  I am also interested in this... can you provide an example. Assume I know how to actually create the xml file (which isn't true yet... but I think I know where to go to find out)... what would the jsp (or servlet) code look like to include that xml file as a parameter.
  Thanks
  Eric-

• Corrupt document gets created in document library with document template using createlistitem workflowaction in visual studio workflow for office 365 solution

  Hi,
  My requirement is to create a document library associated to a custom content type with a document template associated. Also I need to create a document based on the template in this document library when a new item is created in another list by taking the
  reference ID of that new Item , I need to create the document with the name appended by ID. I need to do all this deployment using WSP.
  I have created document library with document template associated to content type by following instructions in below stated blog :http://blogs.msdn.com/b/chaks/archive/2011/05/19/deploying-a-document-template-file-in-content-type-in-a-office365-sandboxed-solution.aspx
  This works perfect for me.
  However, there are few observations, when going to Document Library > Library Settings > Advanced Settings > Document Template section - doesnt shows the Edit template link. When tried to look at the value for the document template using view source
  , it is giving me /Lists/MyDocsListInstance/Forms/template.dotx instead of the actual template file uploaded.
  Ignoring the above observation, when I am trying to create a sandbox based workflow in visual studio to create document in document library when new item is created in another list, I provide the ContentTypeID as the ID associated with the document library
  with template. 
  It creates the corrupt document at end of workflow. 
  I have tried using .docx instead of .dotx files for workflow as per solution provided in some of the post but it isnt resolving my issue.
  Any help is much appreciated.
  Regards,
  Krutika

  OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
  Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document
  successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
  I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
  What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning
  library. Now, use windows explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
  I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with
  things that go through this evolution.

• To open a pdf document or word document from a JSP into a new window

  Hi,
  How to open a PDF document or word document from a JSP into a new window. i.e say from a jsp when a hyperlink or button is clicked it should open a new window with the pdf document or word document in it.
  thanks in advance,
  radki_j

  Hi ,
  when i tried to use the below code to open my word document , it will open as html and with some garbage details. Doesnt open as word document. How to solve this kind of probem?Need advice urgently.
  Open Document

• Document Security settings - conflicting information

  A PDF has been created in a process where Security is applied by itext sharp; and all values should be set to Allowed.
  When I check File > Properties > Security Tab (in adober reader 8 ) I can see:
  1) At the bottom a 'Document Restrictions Summary' section, but not all my values are "Allowed". So possibly something isn't right with the itext sharp process. However what is more confusing and the purpose of this post is that I can also see....
  2) At the top the Document Security section and a Show Details button. Selecting this brings up the Document Security dialog with another list of settings - some of which are a contradiction of those shown in the Summary list (point 1 above) e.g. Document Assembly is Not Allowed in 1) above, but is shown as Allowed in the separate Document Security dialog?????
  I can't find any information on the difference between these two sections and which Value is correct.
  I'm not sure if this is the correct forum, I've also posted this in the adobe reader group.
  Any help appreciated.
  ej.

  >When I check ...in adober reader 8
  >1) At the bottom a 'Document Restrictions Summary' section, but not all my values are "Allowed".
  This is normal in Reader, because its functions are limited. It's
  confusing, but it says "disabled" for things it can't do as well as
  those things which are forbidden. To actually confirm the settings use
  Acrobat instead.
  Aandi Inston

• "Document Security" and "Document Restrictions Summary" different

  Why is there a mismatch of permissions between 'Document Security' and Document Restrictions Summary'?
  I have a pdf file generated with the following security options enabled -- Printing, Commenting (Annotations), fill-in, Content Modification, Assembly. Even though these options show up as enabled in 'Document Security' section of Security tab in Properties (File->Properties->Security->Document Security), they are different to the ones in 'Document Restriction Summary'.
  This results in the inability to use highlighting/commenting tools of Adobe Acrobat Reader (ver. 7 and 8).
  The pdf file is generated using Open Office 3.0 Writer from a file in a .doc (word) format. I have also tried using tools like 'pdftk' with same results.
  According to my interpretation, the 'Document Restrictions Summary' should be in tandem with the 'Document Security'. Am I missing something obvious here? Could anyone kindly clarify how to enable the commenting feature and use it within Acrobat Reader (the free tool)?
  Needless to say this will be environment friendly option, which Adobe has been a strong advocate of.
  Rahul Iyer

  Yes, thats right. I used Open Office 3 to generate the pdf. I have also tried using pdftk and Adobe Distiller 5 with the same result.
  Your statement implies, the 'Adobe Reader' features cannot be fully utilized without a valid Adobe Acrobat Pro.
  This is a document to which I have the source. I have been able to create the pdf with the required set of permissions based on standards. But I am being hassled because I didn't generate it with Adobe Pro! Well, I suppose this must have been a business decision, but its one thats standards contrary and morally low!
  Adobe just lost an avid Reader user. I shall circulate my findings within my work and social circles. Thanks to competition and open source, I am sure to find a standards compliant reader without much delay.
  Thanks for your help - graffiti
  Rahul Iyer

• Purchasing document security problem

  we are on 12.0.6
  There are four document security options [Purchasing, hierarchy, Private and Public]
  We had hierarchy set for Standard Purchase orders which means only the doc owner, subsequent approvers, and individuals above the document owner in the security hierarchy can access the document
  Now there are people from finance dept and planning dept who want to vie PO`s and PO summary but this is not possible due to the hierarchy option set
  If we change the setting to purchasing, than all buyers can view eachother documents which again we dont want to happen
  whats the solution for it
  Any suggestions plz

  the same reply from another user was mines too as now i have two accounts due to the migration thing that happened a month back
  "suppose one of the parts of hierarchy is as follows
  User C with approval group assigned, below him is user B and then user A..
  User A makes the PO and submits for approval, user B gets it in the notification summary and approves it which then routes to user C who when approves it is finally approved
  now where to put the accounts and audit users in the hierarchy..on the level with user B, if so then still they cannot see PO`s because hierarchy security option means "only the doc owner, subsequent approvers, and individuals above the document owner in the security hierarchy can access the document"
  If i put the users between user B and C than the PO routing would go through them and that is not needed at all
  so what to do"