Tomcat - Directory Access Restrict

How do I restrict users from entering the image/text file paths directly in the browser?
My web application has restrictions on jsp/servlet pages, wherein we ask for a username and password, which will be checked in the db and then authenticated.
But when an image or text file in a particular directory is accessed through the web, I have to restrict it. How do I do that?
To be more clear:
If I access
https://www.somename.com/index.jsp
it will ask for login information and only then can other jsp pages be accessed.
But
https://www.somename.com/images/logo.jpg
if I type this directly, the image will appear, but I need to restrict it. How do I do that in Tomcat?
PraDz

GRRR,
I found the spot to disconnect from wireless networks on logout. I also set it up to not automatically join preferred networks. This solved my problem.

Similar Messages

  • Access restriction in Universe

    Hi All,
    In our environment we have 2 domains (US and Europe) and most of the users have ids created for both domains. We have 2 identical databases, one in the US and the other in Europe. The US database holds US information and the Europe database holds Europe data.
    In our BO environment we have set the ad groups to create new id for each user Alias i.e if the user abcd has access in both US and Europe domain BO creates 2 separate ids for each domain (bo internally creates abcd and abcd0). We have only one universe and set of reports which has connection switching based on the domain user logs into BO (access restriction at connection level). This works absolutely fine, switches database connection depending on the domain user logs in.
    Now we are hearing from our users that they can access the personal reports created under the Europe login in the US login (this is because users have abcd and abcd0). So we decided to create an enterprise id and alias the users from the AD group (abcd --> alias AD abcd). If we make this change, the connection swap does not happen, as BOUSER always returns abcd as the user and the universe restriction only picks the default connection.
    Thanks
    Srinivas

    Hi,
    As you have mentioned in the post that the OS is Solaris, a LAFix for Solaris has been released by PG for this issue. Below are the details:
    VERSION:     XIR3.0 LAFix0.18
    PLATFORMS:       Solaris Solaris 10
    LANGUAGES:       English
    ADAPT ID:      ADAPT01099598
    Synopsis:     Universe connection override does not work – Error WIS 10901
    WARNING: This LAFix has not been through a full regression test cycle but it has been deemed to fix the problem reported by the customer.  Inadvertent introduction of an unforeseen issue can however not be fully excluded. Before providing this LAFix to the customer, Customer Assurance must perform their own tests to confirm customer issue is solved.
    ADDITIONAL INFORMATION
           Installation Instructions :
    1.     Stop all BO Enterprise services, e.g <BOE_DIR>/bobje/stopservers
    2.     Gunzip and Untar  XI3.0_RHEL_LAFix0.18.tar.gz
    3.     Change directory to <EXTRACTED_LOCATION>/LAFix0.13/DISK_1
    4.     Run install.sh
    5.     Re-start all BOE services, e.g ./startservers
           Uninstall Instructions :
    2. Run uninstallpatch.sh from your system.
         New Behavior :
                The above issue is now resolved.
         Limitations :
                No known limitations
         Component(s):
          libuum.so
    Note: LAFix is released on top of XI 3.0
    To download or get the LAFix you need to contact your Sales Account Manager of BusinessObjects.
    Cheers,
    Deepti Bajpai

  • Cisco ISE Machine Access Restrictions MAR

    I want to test out MAR.  I notice there is a tick box on the ISE for MAR under: Identity Management --> External Identity Sources --> Active Directory --> Advanced Settings --> [tick] Enable Machine Access Restrictions
    but also there is this condition that is to be used in the AuthZ Policy
    Network Access:WasMachineAuthenticated           
    So...
    What does the tick box option do?
    Are they related or refer to different things?
    Are both needed to get a MAR AuthZ to work?
    Any of clarifying or beneficial info?
    thanks

    Hi,
    You are correct, you will have to create an authorization condition that checks if the machine authenticated successfully.
    So...
    What does the tick box option do?
    When you enable MAR globally it lets the ISE know to build a cache  for endpoints that successfully perform machine authentication.
    Are they related or refer to different things?
    They work hand in hand.
    Are both needed to get a MAR AuthZ to work?
    Yes, you will have to create another authorization policy to allow domain computers to connect.
    Any of clarifying or beneficial info?
    When MAR is enabled, you will have to enable machine and user authentication to your laptop. After MAR succeeds, ISE builds an entry in its database mapping the endpoint (mac address) to a successful machine authentication. After that, when a user authenticates, not only do they have to provide the correct credentials but the mac address they are authenticating through will have an entry in the "MAR cache". Keep in mind that some supplicants only perform machine authentication when logging on and off, and on boot up. If you want to use MAR I suggest using the Anyconnect NAM client; there is a new feature in ISE 1.1.1 and the latest client that allows you to perform eap chaining.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Machine Access Restriction Timeout

    Hi Community,
    We use Anyconnect Client for Machine Authentication. Authentication is for WLAN done by WLC that asks ACS5.3 that uses Active Directory as the identity store. You have enabled Machine Authentication and Machine Access Restrictions (MAR) with an Aging time of 2160 hours (90days).
    The problem appears if the user hibernates or ACS is reloaded and the machine Authentication timer has expired. The user needs to log out and wait, or reboot so that the machine authenticates, and then the user can log in again.
    ACS logs: "ACS has not been able to confirm previous successful machine authentication for user in Active Directory"
    Somebody mentioned there is a hidden feature in Anyconnect that allows machine authentication while the user is logged in to the machine. Does somebody know how to enable this?
    Thank you.

    After further troubleshooting,
    The machine itself is always on wireless
    But as for the username, most of the users says it's just used for wireless. Some users says they use their usernames on wired pc, but the wired pc should have a different mac so it should be the issue
    The machine authentication period is 6 months so it should not get expired from the ACS..
    but somehow when the clients get disconnected, somehow they can't reconnect since the ACS asks for another machine authentication
    the ACS logs then show the error message..
    Is there any way to see the machine authentication cache in the ACS?
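
The MAR behaviour described in the two threads above, as an added Python model (not Cisco code and not part of any post): a user login is permitted only while the endpoint's MAC has an unexpired machine-authentication entry. Assumptions: all class and function names are hypothetical, and the cache is treated as in-memory state that is lost on reload, matching the report that the problem appears after an ACS reload.

```python
# Simplified model of a Machine Access Restrictions (MAR) cache.
# Added illustration only: not Cisco ISE/ACS code; all names are hypothetical.
from dataclasses import dataclass, field

HOUR = 3600  # seconds


def normalize_mac(mac: str) -> str:
    """Reduce a MAC to 12 lowercase hex digits so differing notations compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class MarCache:
    aging_hours: int                              # e.g. 2160 hours (90 days)
    entries: dict = field(default_factory=dict)   # MAC -> time of last machine auth

    def record_machine_auth(self, mac: str, now: float) -> None:
        """Called when a machine (computer account) authentication succeeds."""
        self.entries[normalize_mac(mac)] = now

    def was_machine_authenticated(self, mac: str, now: float) -> bool:
        """True only if this MAC has a cache entry that has not aged out."""
        key = normalize_mac(mac)
        stamp = self.entries.get(key)
        if stamp is None:
            return False
        if now - stamp > self.aging_hours * HOUR:
            del self.entries[key]                 # aged out: forget the endpoint
            return False
        return True

    def reload(self) -> None:
        """Assumption: the cache lives in memory and is lost on a server reload."""
        self.entries.clear()


def authorize_user(cache: MarCache, mac: str, credentials_ok: bool, now: float) -> str:
    """User authorization: valid credentials AND a cached machine auth for the MAC."""
    if not credentials_ok:
        return "deny: bad credentials"
    if not cache.was_machine_authenticated(mac, now):
        return "deny: no machine authentication cached for this MAC"
    return "permit"


def run_scenario() -> dict:
    """Constructed timeline using the 2160-hour aging time from the thread."""
    cache = MarCache(aging_hours=2160)
    laptop = "AA:BB:CC:00:11:22"        # constructed sample MACs
    wired_pc = "aa-bb-cc-00-11-33"
    day = 24 * HOUR
    results = {}

    cache.record_machine_auth(laptop, 0)                    # boot: machine auth
    results["after_boot"] = authorize_user(cache, "aabb.cc00.1122", True, 60)
    results["other_mac"] = authorize_user(cache, wired_pc, True, 120)
    results["bad_password"] = authorize_user(cache, laptop, False, 180)
    results["day_89"] = authorize_user(cache, laptop, True, 89 * day)
    results["day_91"] = authorize_user(cache, laptop, True, 91 * day)   # aged out

    cache.record_machine_auth(laptop, 92 * day)             # reboot: machine auth
    cache.reload()                                          # server reload empties cache
    results["after_reload"] = authorize_user(cache, laptop, True, 92 * day + 60)
    cache.record_machine_auth(laptop, 92 * day + 120)       # machine re-authenticates
    results["after_reauth"] = authorize_user(cache, laptop, True, 92 * day + 180)
    return results


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step:14s} {outcome}")
```

The `after_reload` and `day_91` steps are the failure mode reported in the thread: the user's credentials are still valid, but access is denied until the machine itself authenticates again.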

  • Host-based access restrictions

    What is the preferred method for implementing host-based access restrictions in Directory Server 5.2?
    I am setting up Solaris 9 clients using the native LDAP client.
    I tried setting up host-based access using netgroups, and it works great, but found the user's group associations stopped working. Only the default group shows up.
    Removing netgroups allows any valid user to authenticate to any host. Very bad.
    As a last resort, one could add an ACL for each user in the LDAP server specifying which hosts he can bind from. But then again, it's the proxyagent that will be binding.
    There has to be a better way to do this. Absolutely no info on this in the admin guides.

    Solaris10u6 (Solaris 10 10/08) added a pam_list module that appears to do what you're asking about, from a brief glance at the What's New.

  • Delays in net access restriction

    XI31 -  IIS6.0  - .NET (no tomcat)
    It is taking users "minutes" to bring up the net access restrictions...  How can I speed this up PLEASE?!?!!?

    Well I must admit this does not really sound like a best practice. But since this is a rather unusual setup I would recommend to open a case by SAP support (http://service.sap.com/support) and ask if this delay to display the list with the 1800 restriction is by design or a bug.
    Regards,
    Stratos

  • Open Directory access from outside of network / internet

    Hello all,
    Got a question I'd love to get some help on, I have some users who are outside of my network and I'd like them to connect into the open directory on our leopard server so they can use the Shared iCal calendars, addresses, etc.
    So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a separate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
    B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
    Hope that makes sense, I can't seem to find the answers I need in the manuals, if I knew how this was meant to work I could probably have a fair go at figuring out how to actually do it (firewall changes etc)
    Thanks in advance for the help
    Martin

    So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a separate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
    If your OD server is visible from the internet -- i.e., it has a public address -- then you can do this without the VPN. However, it's not advisable to have a server exposed in that fashion.
    You would be better off doing this through the VPN:
    - Remote user connects to internet at hotel, for example.
    - Remote user initiates VPN connection.
    - Remote user now has access to iCal server and directory information.
    Explain to the users that this information is private to the company, and private company resources are only available through the VPN. Allowing access without the VPN would be similar to the company posting its Employee roster and meeting calendars on the face of the building where any person (or competitor) could see them.
    B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
    It's just one extra step: Connect to VPN. You're still the same local user on the computer.
    If you're talking about laptop users needing directory access to authenticate when logging into their computers, well...That sounds like a whole other situation.
    Hopefully this helps.
    Bryan Vines

  • WRT54G2 and WRT54G locks-up (freezes) when blocking web sites using Access Restrictions

    I am convinced that a few Linksys routers such as WRT54G2 and WRT54G have a major issue when blocking web sites using Access Restrictions (Internet Access Policy). After a few hours of internet access by 15 wired users the Linksys locks-up and blocks all internet web access. The only solution is to restart the power on the router.
    We are currently using a Linksys WRT54G2 v1 (firmware 1.0.04). We upgraded the WRT54G2 v1 firmware to the latest 1.0.04 version which did not resolve the issue. NOTE: We were previously using a Linksys WRT54G v1.1 (firmware 4.21.1) until the power supply blew a week after we started blocking web sites using Access Restrictions (Internet Access Policy).
    Basically, we have a T1 internet connection and a hub connected to the Linksys router. We are trying to block several web sites such as facebook, myspace, etc. for 15 wired users. We do not use wireless connections.
    This is the 2nd time it happened with 2 different models.
    Please help ASAP.
    Thank you,
    Lance
    (Mod note: Edited post. Some parts off topic.. Thanks!)

    Also, you have already upgraded/re-flashed the firmware of your Linksys Router; you need to reset and reconfigure your router from scratch. Press and hold the reset button for 30 seconds... Release the reset button... Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable... Now re-configure your router...

  • How to configure CLI/DNIS based access restriction in 5.3 ?

    Hi,
    does anybody have an idea how the setting
    define CLI/DNIS-based access restrictions which is defined in ACS v. 4.2
    can be configured in acs 5.3 ?
    in v. 4 for every user in a group with 40 members  a different CLI is defined for each. How can I configure that in version 5.3 ?
    any help as always much appreciated!

    The equivalent to NAR functionality can be found at:
    Policy Elements > Session Conditions > Network Conditions > End Station Filters
    Can then define an object with a set of CLI values
    These objects can then be used in policy conditions. So you can create a condition with a set of CLI values and then match in the authorization policy for values that are included in this set and set authorizations accordingly
    Not sure if this is your use case but hopefully may be a start

  • Access restrictions timing off by 1 hour

    I don't know if anyone else is experiencing this problem.  I have set access restrictions on my WRT610N router and they execute an hour earlier than set.
    I checked the time zone settings, the system clock and all seem correct. I have a rule that is supposed to turn off access to the Internet at 11:55pm. However, the rule gets executed at 10:55pm.
    This was happening on my first WRT610N which was also dropping network connections. So, I returned that unit and got a replacement.
    The new unit does not drop connections but has the same timing problem.  The only solution I have found is to change the time zone to the next one that is 1 hour behind my time zone.
    Please let me know if anyone else has experienced this same situation.

    My ISP is on the same town as I am. The information they are supplying appears to be correct as my WRT54G uses the same information and its rules execute properly.
    I think there is a problem with the WRT610N. My solution is temporary I hope that Linksys will fix this problem. 

  • LDAP support limited. How to configure Address Book / Directory Access?

    I complained to a sysadmin that my LDAP searches were returning very limited information (just surname and e-mail). He replied,
    "...[Address Book] can't be configured to query specific attributes, it can't be configured to show specific attributes except for the small set they have elected to permit, ... it doesn't even show cn/commonName which is a compulsory field in the inetOrgPerson schema or ou/organizationalUnitName which is the standard way of distinguishing components of an organization..."
    Directory Access seems to offer facilities for requesting specific attributes. I tried mapping them to Address Book fields, but with no improvement in the search results. Any tips?

    Here is some info I found on manually configuring and mapping schemas.
    Configuring LDAP Searches and Mappings
    Using Directory Access, you can edit the mappings, search bases, and search scopes that specify how Mac OS X finds specific data items in an LDAP directory. You can edit these settings separately for each LDAP directory configuration listed in Directory Access. Each LDAP directory configuration specifies how Mac OS X accesses data in an LDAPv3 or LDAPv2 directory.
    You can edit the mapping of each Mac OS X record type to one or more LDAP object classes.
    For each record type, you can also edit the mapping of Mac OS X data types, or attributes, to LDAP attributes.
    You can edit the LDAP search base and search scope that determine where Mac OS X looks for a particular Mac OS X record type in an LDAP directory.
    IMPORTANT: When mapping Mac OS X user attributes to a read/write LDAP directory domain (an LDAP domain that is not read-only), the LDAP attribute mapped to RealName must not be the same as the first attribute in a list of LDAP attributes mapped to RecordName. For example, the cn attribute must not be the first attribute mapped to RecordName if cn is also mapped to RealName.
    For detailed specifications of Mac OS X record types and attributes, refer to "Mac OS X Server Open Directory Administration for Version 10.4 or Later" (available at www.apple.com/server/documentation/).
    In Directory Access, click Services.
    If the lock icon is locked, click it and type the name and password of an administrator.
    Select LDAPv3 in the list of services, then click Configure.
    If the list of server configurations is hidden, click Show Options.
    Select a server configuration in the list, then click Edit.
    Click Search & Mappings.
    Select the mappings that you want to use as a starting point, if any.
    Click the "Access this LDAPv3 server using" pop-up menu and choose a mapping template to use its mappings as a starting point or choose Custom to begin with no predefined mappings.
    Add record types and change their search bases as needed.
    To add record types, click the Add button below the Record Types and Attributes list. In the sheet that appears, select Record Types, select one or more record types from the list, and then click OK.
    To change the search base and search scope of a record type, select it in the Record Types and Attributes List. Then edit the "Search base" field. Select "all subtrees" to set the search scope to include the entire LDAP directory's hierarchy from the search base down. Select "first level only" to set the search scope to include only the search base and one level below it in the LDAP directory's hierarchy.
    To remove a record type, select it in the Record Types and Attributes List and click Delete.
    To add a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an object class from the LDAP directory. To add another LDAP object class, you can press Return and enter the name of the object class. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
    To change a mapping for a record type, select the record type in the Record Types and Attributes List. Then double-click the LDAP object class that you want to change in the "Map to __ items in list" and edit it. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
    To remove a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the LDAP object class that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
    Add attributes and change their mappings as needed.
    To add attributes to a record type, select the record type in the Record Types and Attributes List. Then click the Add button below the Record Types and Attributes list. In the sheet that appears, select Attribute Types, select one or more attribute types, and then click OK.
    To add a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an attribute from the LDAP directory. To add another LDAP attribute, you can press Return and enter the name of the attribute.
    To change a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then double-click the item that you want to change in the "Map to __ items in list" and edit the item name.
    To remove a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the item that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
    To change the order of attributes displayed in the list on the right, drag the attributes up or down in the list.
    Click Save Template if you want to save your mappings as a template.
    Templates saved in the default location are listed in pop-up menus of LDAP mapping templates the next time the current user opens Directory Access. The default location for saved templates is in the current user's home folder at this path:
    ~/Library/Application Support/Directory Access/LDAPv3/Templates
    Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them automatically to its clients.
    You must enter a search base to store the mappings, a distinguished name of an administrator (for example, uid=diradmin,cn=users,dc=ods,dc=example,dc=com), and a password. If you are writing mappings to an Open Directory LDAP server, the correct search base is "cn=config, suffix" (where suffix is the server's search base suffix, such as "dc=ods,dc=example,dc=com").
    The LDAP directory supplies its mappings to Mac OS X clients whose custom search policy includes a connection that's configured to get mappings from the LDAP server. The LDAP directory also supplies its mappings to all Mac OS X clients that have an automatic search policy. For instructions, see Configuring Access to an LDAP Directory and Setting Up Search Policies.

  • Directory Access and Permissions

    Hi,
    I work at a company that's having a problem setting up the new macs (Core 2 Duo iMac 24") our marketing department just ordered.
    The rest of our network uses windows, so we have active directory logins for everyone. We've setup the Directory Access on the new iMacs so that marketing users log in using their AD username and pw. The local user account that 10.4 generates is set to be a local admin, but the users are just normal users in AD.
    The problem we're having is with setting permissions for some Apps that require changes from the default settings. When I go to set permissions in the Info pane of a folder or app, I open the pull down menu for 'Owner' and go to 'Other...' at the bottom to grab the user from AD (because the user is not available in the top portion where local users can normally be selected). This is where the problem occurs. This opens up the "User Listing" box, which contains a long list of AD usernames, but does not have any AD usernames that were created less than 10 months ago. I checked with my Network Admin, and virtually no settings in terms of creating AD users have changed in the last two years.
    I don't know if this is a problem with settings on the AD side or the Mac side, but here's the Mac settings in Directory Access:
    Services: AD is checked
    Authentication: Custom path selected, our domain is in the list
    Contacts: Same as Authentication
    Under AD:
    Forest and Domain are correct, computer is bound correctly.
    User Experience:
    Create mobile account is not selected.
    Force local home directory on startup is selected.
    Use UNC path from AD... is selected, smb: is selected as Network protocol.
    Default user shell is selected as '/bin/bash'
    Mappings: Nothing selected.
    Administrative:
    Prefer this domain server is checked and correct for our network
    Allow administration by is checked, domain admins and enterprise admins
    Allow authentication from any domain in the forest is selected
    Is there anything in these settings that might cause the problem described above, or is the problem something else entirely, maybe on the AD side?
    I'm also wondering if anyone knows how to find out where Directory Access is grabbing this list of users from. Perhaps our Network Admin can find out what the problem is given that info.
    Thanks,
    Gabe
    Message was edited by: Gabe Stein

    I have exactly the same problem and ProtectHome wasn't the solution. "sudo minidlnad" works fine -- TV shows root and /home/blah/blah is accessible. However, I'm not able to make the daemon run as root. Just for testing purposes, I've made all the settings as loose as possible, but TV still shows minidlna as username and the folder is not available (systemctl status reveals permission denied).
    minidlna.service:
    [Unit]
    Description=minidlna server
    After=network.target
    [Service]
    Type=simple
    User=root
    Group=root
    ExecStart=/usr/bin/minidlnad -S
    ProtectSystem=off
    ProtectHome=off
    PrivateDevices=on
    NoNewPrivileges=off
    [Install]
    WantedBy=multi-user.target
    minidlna.conf:
    user=root
    media_dir=/home/blah/blah
    What am I missing here? No possibility to run minidlna as root after the last update any more?
    Edit:
    Never mind. During all this testing I had forgotten "User=minidlna" to /etc/systemd/system/minidlna.service.d/override.conf. Daemon as root works after removing that line.
    Last edited by riivo (2015-03-19 14:38:18)

  • Can't login to local NON-admin accounts-Directory Access set to server

    I have a strange problem on a set of laptops that I cannot resolve and am hoping someone can help me.
    Here is the issue:
    I have a set of building laptops (PowerPC, OSX.4.11) that seemingly will not "search locally" in the authentication process. The logins seem to work fine for NETWORK logins to our Open Directory Master xserve, but these machines will not login to any LOCAL non-admin accounts. The local root and local admin account logins do, however, work fine. ?? The remainder of the building computers (Intel iMacs OSX.4.11) appear to have the exact same settings and login fine both locally and via the network home directories.
    I have tried the following:
    Deleted DirectoryService preferences folder (MacintoshHD-->Library-->Preferences->DirectoryService)
    Deleted the mcx cache in Directory Access
    Tried adding a new non-admin user to test (still will not login)
    Removed and re-created LDAP configuration (all set to custom)
    Tried setting the LDAP to the automatic settings ("Add DHCP-supplied LDAP servers to automatic search policies")
    Disabled all network connectivity (turned off Airport and disconnected the ethernet cable), still cannot login to local accounts
    Tried to bind in LDAP configuration (when I did bind the machine, it would no longer authenticate to the network authentication server, so I did an "unbind" and restarted and it went back to performing the network logins, but still will not login to local non-admin accounts).
    Reset passwords in System Prefs and also re-typed them in NetInfo Manager
    Deleted login keychains
    Deleted mcx.plist
    Reinstalled the OS from disk and local logins worked TEMPORARILY--UNTIL I set the LDAP directory access to authenticate to our server (which I also need for the network logins to work), then the issue started again.
    *Same results with both ethernet and wireless connectivity enabled.
    *Note: I also manage these local accounts via WGM (installed on the local machine) and even tried disabling that and still no luck.
    Please help...I have spent hours and hours trying to find a solution and nothing seems to work! What am I missing??

    Mostly just a bump...
    How about that .local extension, or trailing / ?

  • WRTU54G-TM Slow Setup Page and HTML Error on Access Restrictions Page

    I have a WRTU54G-TM Wireless Router. It has v1.00.21 firmware and I have done a reset with no solution. Everything seems to work, except the setup pages load very, very, very slow. Also in Internet explorer I get an HTML error on the access restrictions page. Resets don't help. The router did not have this issue until about a month ago that I recall. I can see on the access restrictions page the gray shading is all lined up except at the bottom of the page, like there is some sort of issue in the html within the router.
    One more problem, after I reset the router the saved config file I made would not change the default settings back, I had an older saved config file also, it would not work either.
    Is this an issue with this firmware version?   Any one else see this?
    Message Edited by johnsonle9 on 01-24-2010 01:24 PM

    Are you getting the same problem with another computer...?
    Try using a different computer and check if you are getting the same problem or not... If yes, then I would suggest you re-flash/upgrade the router's firmware, reset the router and re-configure it from scratch. Do not use the saved config file.

  • Access Restrictions bug of firmware 1.01.1 for WRT54G V5 V6

    I am using WRT54G V5.
    The Access Restrictions function won't work properly when using firmwares 1.01.1 and 1.01.0. Ports can't be blocked by using the "Blocked Services" in this function.
    Now I have to switch back to 1.00.9 to make the port blocking work, but there is a DHCP server issue which could only be fixed in 1.01.0 or above.... Could someone fix this BIG BUG and roll out a new firmware????
    Thanks a bunch.
    Message Edited by Dennis_Hsu on 01-08-2007 05:02 PM

    What is your Fragmentation and RTS threshold value? I'm not sure if I'm reading your message right, but it says as far as I can understand 30. The value should be 2304 instead for both.
    Try changing the wireless channel also to either 1, 6 or 11.
