1 Reply Latest reply on Feb 8, 2010 6:32 AM by Adam Wells

    Securing web start

    Matthew Hibberd Newbie

      Hi,


      I have a web application that is using Seam and it includes a web start application. I need users to have to sign in before they can start/download the web start.


      My problem is that I cant find a solution to secure access to the jnlp and related jars behind the login to the Seam app. So for example, if someone was to learn the URL of the jnlp/jar(s), they could simply type it in the address bar and download them without logging in. Is there a way to secure access to such resources using a Seam authentication method? If so, could you give me a pointer to a page of documentation or example that I must have missed.


      Thanks,
      Matt

        • 1. Re: Securing web start
          Adam Wells Newbie

          I also had this problem trying to secure .swf resources obtained after logging into a Seam app.


          Solved it by adding this line to components.xml :


               


          <web:authentication-filter url-pattern="/secure/*" auth-type="basic"/>
          




          Resources in the /secure directory are available after Seam authentication.


          Not sure if that is the best way to go, but it is the only appraoch I have been able to find.