How to stop direct access of a DSP?
Author: firstname.lastname@example.org (jasonzuvela)
I want to embed a range of DSPs using DSP containers, but I don't want to allow users to access those embedded components directly. So they should only be accessible through a DSP container. Has anyone come up with a solution to stop someone from directly accessing a DSP (by typing the component id into the url)?
I have tried looking into filtering urls in the http requests at a webserver level, through use of .htaccess or similar, but it doesn't seem like tomcat supports this kind of functionality. So far the only solution I have found is to put a http redirect in the DSP's <head>:
<meta http-equiv="Refresh" content="0; url=http://server:port/uniface/wrd/MAINCOMPONENTNAME" />
This works as when the DSP is loaded independantly, the page is redirected; though when it's embedded, the <head> is omitted and no redirect performed.
However, I did notice that webmessages put in the execute trigger would still be performed before the redirect enacted. Also, it appears uniface has no control over a redirect like this
Any ideas for something better and more secure?