Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

The 4th edition of the Campaign Community Lens newsletter is out now!
SOLVED

Restrict access to /nl/jsp/monitor.jsp

Avatar

Level 2

Hi all,

on my ACC instance, which is hosted on prem, I can access /nl/jsp/monitor.jsp, log in with an operator and then see the different monitoring metrics.

However, it seems like I can login with any operator, no matter the operator groups he is assigned to.
Is there any way to restrict access to /nl/jsp/monitor.jsp to operators having admin operator group only?

 

Thanks and BR

Sebastian

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

 

Security is performed here by hiding the link to the page from non-admin users in the nav bar.

The jsp page can be altered (overwritten on upgrade) to add proper authorization check tho, put this at the top somewhere:

if (!ctx.hasRight('admin')) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  return;
}

 

 

Thanks,

-Jon

2 Replies

Avatar

Correct answer by
Community Advisor

Hi,

 

Security is performed here by hiding the link to the page from non-admin users in the nav bar.

The jsp page can be altered (overwritten on upgrade) to add proper authorization check tho, put this at the top somewhere:

if (!ctx.hasRight('admin')) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  return;
}

 

 

Thanks,

-Jon