Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Shubi Yang (ShubiY62)
Accenture
Senior System Architect
Accenture
JP
ShubiY62 Member since 2016 21 posts
Accenture
Posted: May 21, 2018
Last activity: Apr 2, 2019
Posted: 21 May 2018 5:35 EDT
Last activity: 2 Apr 2019 7:42 EDT
Closed

How to deny user access to default portal

Hi,

We have a requirement which want user open a specific assignment from an URL without login screen and do not showing operator default portal.

I have configurated a custom Authenditication Service and mapped it to the web.xml, let's say "ServletCustom". Also created an Activity to handle open assignment and use URLMapping rule to map it . Now user can open the specific assignment directly by clicking the URL like below

http://IPADDEREE:PORT/prweb/ServletCustom/MyActivityURLMapping

However, the problem is if user request the servlet directly http://IPADDEREE:PORT/prweb/ServletCustom/, he/she can open the default portal of his/her accessgroup.

We need to avoid this behavior, could anyone tell us how to do it?

Thanks

***Updated by moderator: Lochan to add Categories***

To see attachments, please log in.
Java and Activities
Security
System Administration

Posted: 6 years ago
Posted: 21 May 2018 6:20 EDT
Shubi Yang (ShubiY62)
Accenture
Senior System Architect
Accenture
JP

I found that it is ok to delete all portals from AccessGroup setting, so users have no portal to access, but is it the best practice? 

Can users execute unexpected activities by requesting URL directly if they have the privilege? Should we deny all unallowed access by setting access control(ARO and Access Deny)?

 

To see attachments, please log in.
Posted: 6 years ago
Posted: 29 May 2018 19:21 EDT
Santhosh Bagannagari (bagas)
Pegasystems Inc.
Tech Lead, Security Engineering
Pegasystems Inc.
IN

Hi,

If you are requirement is to avoid unauthorized access rather than hiding portal UI, then you should use RARO and RADOs to set appropriate access control. 

Thanks,

Santhosh

To see attachments, please log in.
Posted: 6 years ago
Posted: 29 May 2018 1:23 EDT
Vikash Ranjan Karn (Vikash Karn)
Pegasystems Inc.
Senior Technical Solutions Engineer
Pegasystems Inc.
IN

Hi Shubu,

 

I tried deleting all the portals from AccessGroup setting and Pega didn't gave any guardrail warning, so i think it is ok to  delete the portals from Access Group.

 

Regards,

Vikash

To see attachments, please log in.
Posted: 5 years ago
Posted: 2 Apr 2019 7:13 EDT
Onkar Yerawar (OnkarY33)
HCL
Onkar Yerawar
HCL
IN

Hi,

We have similar requirement wherein we have mashed up a work list and new case creation in a web application and we also want to restrict access to the portal by directly accessing /prweb url. If I remove all portals from access group it works as intended but all the styling is lost as it does not apply skin from application rule.

Anyone has any idea on how to make it apply styling from Application rule.

PS - The portal which I removed also uses application skin.

Thank you.

Best regards,

Onkar

To see attachments, please log in.
Posted: 5 years ago
Posted: 2 Apr 2019 7:42 EDT
Vidyaranjan AV (Vidyaranjan) Senior Online Community Moderator
Pegasystems Inc.
IN

Hi,

Thank you for posting your query in the PSC. This looks like an inactive post and hence, we suggest you create a new post for your query. Click on the Write Post button here. Once created, please reply back here with the URL of the new post.

You may also refer this discussion link as a reference in the new thread.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice