Greetings 
,
I am currently trying to help a friend set-up a BEA WebLogic to run a pet care service in the Los Angles area.
I am trying to filter client requests. If a user does an illegal request, I would like to filter the request in a way such that the request never reaches the application server.
An illegal request would include say a user is logged in as “Bob” and changes an entry in the address field in his browser so that “Bob” is requesting “Jim”’s files. I want to filter this request by check the current user against the file that is requested and the owner and/or the scope of the file.
Also, preventing the user from going from outside a directory or accessing select directories is also a concern.
Is this as simple as adding a few lines in some access / deny file? Modifying the weblogic.xml file? The web.xml file? Or would involve actually making a filter class?
I just basically want some sort of filtering mechanism to filter any http request…. This is not very specific.
If you have any ideas or can point to something better than dev2dev from BEA, I would greatly appreciate it. Also if you can suggest other criteria for filtering it would really help me out. Is there I anything else I should filter? I basically want to restrict the client to a discrete list of directories and scripts; anything else is an intrusion by the user, eg. User tries to access the WebLogic install site.
-Q
,I am currently trying to help a friend set-up a BEA WebLogic to run a pet care service in the Los Angles area.
I am trying to filter client requests. If a user does an illegal request, I would like to filter the request in a way such that the request never reaches the application server.
An illegal request would include say a user is logged in as “Bob” and changes an entry in the address field in his browser so that “Bob” is requesting “Jim”’s files. I want to filter this request by check the current user against the file that is requested and the owner and/or the scope of the file.
Also, preventing the user from going from outside a directory or accessing select directories is also a concern.
Is this as simple as adding a few lines in some access / deny file? Modifying the weblogic.xml file? The web.xml file? Or would involve actually making a filter class?
I just basically want some sort of filtering mechanism to filter any http request…. This is not very specific.
If you have any ideas or can point to something better than dev2dev from BEA, I would greatly appreciate it. Also if you can suggest other criteria for filtering it would really help me out. Is there I anything else I should filter? I basically want to restrict the client to a discrete list of directories and scripts; anything else is an intrusion by the user, eg. User tries to access the WebLogic install site.
-Q
