Restrict access to /nl/jsp/monitor.jsp

Avatar

Avatar

Sebastian_Rockw

Avatar

Sebastian_Rockw

Sebastian_Rockw

25-03-2021

Hi all,

on my ACC instance, which is hosted on prem, I can access /nl/jsp/monitor.jsp, log in with an operator and then see the different monitoring metrics.

However, it seems like I can login with any operator, no matter the operator groups he is assigned to.
Is there any way to restrict access to /nl/jsp/monitor.jsp to operators having admin operator group only?

 

Thanks and BR

Sebastian

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

wodnicki

MVP

Avatar

wodnicki

MVP

wodnicki
MVP

01-04-2021

Hi,

 

Security is performed here by hiding the link to the page from non-admin users in the nav bar.

The jsp page can be altered (overwritten on upgrade) to add proper authorization check tho, put this at the top somewhere:

if (!ctx.hasRight('admin')) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  return;
}

 

 

Thanks,

-Jon

Answers (0)