Sunday, July 21, 2013

Protect WebCenter Portal administration from authenticated users


Scenario - Protect the WebCenter Portal admin page from authenticated users

Solution - Authenticated users have view access to Admin.jspx in WebCenter Portal. When any logged-in user accesses http://<host>:<port>/<ContextPath>/admin, they are taken to the admin screen. By default, authenticated users do not have permission to perform any actions in the administration screen, but it is still not good practice for everyone to be able to see the admin pages.

A very simple and easy way to protect it is to disable the permissions for the Admin page in jazn-data.xml.

Step 1 - Go to Application Descriptors > jazn-data.xml > Resource Grants > Web Page permission > select the check box "Show web page from ADF libraries".

Step 2 - The Admin page is shown in the list; choose it to see the permissions granted. By default, authenticated users have view access, so delete the default permissions and grant all permissions to Administrators.

Step 3 - Run the application, log in as an authenticated user, and try to access /admin. You will see an HTTP 401 Unauthorized page :-)

So now /admin is protected :-)
