mercredi 29 avril 2015

disallow access of internal files in liferay

In liferay I have
--tomcat
  --webapps
   --myimages
   --my-portlet
So using code in my-portlet I have given links to given file in myimages folder for a specific user.
Link would be
http://localhost:8080/myimages/User1.jpg

Problem Statement: I have to restrict a user (rather than defined role in liferay) so that s/he should not be able to access any of the files in myimages folder as s/he user hits on direct above link.

What I have tested:

  1. I have checked .htaccess file will NOT be useful since liferay has tomcat rather than apache server.
  2. Created a filter class by which I can intercept any request made should process through.
  3. openLDAP can not use since we are having separate authentication mechanism.
    So if anyone has idea how to deal with this security issue, please suggest me.

Aucun commentaire:

Enregistrer un commentaire