Question

2
Replies
69
Views
ellic Member since 2016 1 post
PEGA
Posted: March 15, 2019
Last activity: March 18, 2019
Closed

Securing a custom JSP file in prweb.war

Our project would like to use a third-party JSP file in our PRPC application (https://github.com/Esri/resource-proxy). Because this JSP makes direct use of the HttpServletRequest and HttpServletResponse objects, we cannot adapt this code to a custom section rule or activity.

I've successfully added the JSP to our prweb.war and deployed it to our Tomcat container. I'm able to leverage the page, but I'd like to add security so that only authenticated PRPC users are able to access the JSP. We do not use container-managed authentication in our application; instead we have an OOTB SAML implementation for security.

Because we do not have container-managed authentication, I don't believe I can use the normal web.xml security constraint configuration. I'm open to modifying the JSP code, but I don't know if there's any way I can validate the session from a JSP outside the engine code. Any ideas are appreciated.

Data Integration Java and Activities Security
Moderation Team has archived post
Share this page LinkedIn