Securing web start

matt.hibb Dec 4, 2008 3:14 AM

Hi,

I have a web application that is using Seam and it includes a web start application. I need users to have to sign in before they can start/download the web start.

My problem is that I cant find a solution to secure access to the jnlp and related jars behind the login to the Seam app. So for example, if someone was to learn the URL of the jnlp/jar(s), they could simply type it in the address bar and download them without logging in. Is there a way to secure access to such resources using a Seam authentication method? If so, could you give me a pointer to a page of documentation or example that I must have missed.

Thanks,
Matt

1. Re: Securing web start

adampwells Feb 8, 2010 6:32 AM (in response to matt.hibb)
I also had this problem trying to secure .swf resources obtained after logging into a Seam app.

Solved it by adding this line to components.xml :

<web:authentication-filter url-pattern="/secure/*" auth-type="basic"/>

Resources in the /secure directory are available after Seam authentication.

Not sure if that is the best way to go, but it is the only appraoch I have been able to find.
Actions