Chad Ellinger (ellic)

Pegasystems Inc.
ellic Member since 2016 1 post
Posted: March 15, 2019
Last activity: March 18, 2019
Posted: 15 Mar 2019 9:20 EDT
Last activity: 18 Mar 2019 11:21 EDT

Securing a custom JSP file in prweb.war

Our project would like to use a third-party JSP file in our PRPC application ( Because this JSP makes direct use of the HttpServletRequest and HttpServletResponse objects, we cannot adapt this code to a custom section rule or activity.

I've successfully added the JSP to our prweb.war and deployed it to our Tomcat container. I'm able to leverage the page, but I'd like to add security so that only authenticated PRPC users are able to access the JSP. We do not use container-managed authentication in our application; instead we have an OOTB SAML implementation for security.

Because we do not have container-managed authentication, I don't believe I can use the normal web.xml security constraint configuration. I'm open to modifying the JSP code, but I don't know if there's any way I can validate the session from a JSP outside the engine code. Any ideas are appreciated.

Data Integration Java and Activities Security
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.