Securing third party servlets and resources with ofbiz security.

[Lukasz Kucharski <lk...@gmail.com>]

Hello there,

my company needs to integrate Isomorphic Smartclient into backoffice
module but my issue arises also for other technologies using dedicated
servlets to provide json data for JS (eg. GWT).

Use case is:

-browser requests 3rd party servlet configured in web.xml (say catalog module)
-ofbiz checks to see if user is logged in. If yes lets request
through. If not - redirects to login page.
-user logs in


1. What is best way to secure separate servlet with ofbiz security
mechanism? Any GET/POST request for this servlet should be checked
similar way request to ControlServlet is being checked.

2. What is best way to secure third party resources (js/images/static
html files)? Those files, I guess, should be checked by specifically
implemented filter and then if user is logged in  'default' Tomcat
servlet should be allowed to feed them to the browser. Now
ContextFilter filter prevents resources from being served so this
should also be reconfigured.

I expect I have to write filter for this and do sth similar to
checkLogin method in LoginWorker does but is it the right way?

Thanks for clues

Best
Lukasz