Restrict access to /nl/jsp/monitor.jsp

Avatar

Avatar
Validate 1
Level 1
Sebastian_Rockw
Level 1

Likes

0 likes

Total Posts

9 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
Sebastian_Rockw
Level 1

Likes

0 likes

Total Posts

9 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
Sebastian_Rockw
Level 1

25-03-2021

Hi all,

on my ACC instance, which is hosted on prem, I can access /nl/jsp/monitor.jsp, log in with an operator and then see the different monitoring metrics.

However, it seems like I can login with any operator, no matter the operator groups he is assigned to.
Is there any way to restrict access to /nl/jsp/monitor.jsp to operators having admin operator group only?

 

Thanks and BR

Sebastian

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Establish
MVP
wodnicki
MVP

Likes

977 likes

Total Posts

1,096 posts

Correct reply

516 solutions
Top badges earned
Establish
Affirm 500
Contributor
Shape 1
Give Back 100
View profile

Avatar
Establish
MVP
wodnicki
MVP

Likes

977 likes

Total Posts

1,096 posts

Correct reply

516 solutions
Top badges earned
Establish
Affirm 500
Contributor
Shape 1
Give Back 100
View profile
wodnicki
MVP

01-04-2021

Hi,

 

Security is performed here by hiding the link to the page from non-admin users in the nav bar.

The jsp page can be altered (overwritten on upgrade) to add proper authorization check tho, put this at the top somewhere:

if (!ctx.hasRight('admin')) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  return;
}

 

 

Thanks,

-Jon

Answers (0)