Restrict access to /nl/jsp/monitor.jsp

Forum|Forum|4 years ago
March 25, 2021
1 reply
1552 views

Hi all,

on my ACC instance, which is hosted on prem, I can access /nl/jsp/monitor.jsp, log in with an operator and then see the different monitoring metrics.

However, it seems like I can login with any operator, no matter the operator groups he is assigned to.
Is there any way to restrict access to /nl/jsp/monitor.jsp to operators having admin operator group only?

Thanks and BR

Sebastian

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Jonathon_wodnicki

Hi,

Security is performed here by hiding the link to the page from non-admin users in the nav bar.

The jsp page can be altered (overwritten on upgrade) to add proper authorization check tho, put this at the top somewhere:

if (!ctx.hasRight('admin')) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  return;
}

Thanks,

-Jon

Jonathon_wodnicki

Accepted solution

Community Advisor

Hi,

Security is performed here by hiding the link to the page from non-admin users in the nav bar.

The jsp page can be altered (overwritten on upgrade) to add proper authorization check tho, put this at the top somewhere:

if (!ctx.hasRight('admin')) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  return;
}

Thanks,

-Jon

Sebastian_RockwAuthor

Level 2

Thanks a lot, Jon! BR Sebastian

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded