We have a legacy web application (consisting of 5 modules) running in Tomcat 6 and are trying to integrate it with HDIV. The user is authenticated by module-1, which creates a cookie for the session token, and the other modules are secured by a filter that validates the user using the cookie and authentication information from the application cache.
We created separate hdiv-config.xml files, and each is configured through web.xml in the respective module.
In this scenario, how do we configure the start page URLs? If we restrict them to the login page, the other modules are inaccessible. If we configure all pages as start pages, HDIV does not include the _HDIV_STATE_ param to protect from CSRF.
It looks like each module is using its own HTTP session.
We want to protect all modules from cross-site request forgery (CSRF); please advise on the same.
Thanks, Suresh