I'm trying to use a Security Filter service to manage secure access to some of our forms. The aim is to only allow access from a specific referer - for use with internal forms.

I've used the provided code as a template, but cannot get the behaviour that I'm after.

I have used the default code for txn, and added some code to handle referer:

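    // Opening a new form
    if (txn == null) {
        // Read the Referer header from the request (null when the header is absent)
        String referer = request.getHeader("referer")
        logger.info("referer = ${referer}")
        // Redirect when the header is missing or does not contain the internal URL
        if (!referer || !referer.contains("http://my-internal-url-link")) {
            throw new RedirectException("../not-authorized.htm")
        }
    }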

If I copy a form URL and paste it into the browser, the form opens - but I expect it to be restricted based on referer = null. But it seems that the txn is null.

If I remove the above code handling the txn, then I face problems because I cannot launch a form from TM using the 'direct' link.

How can I restrict form access based on referer, but still allow access for development and testing purposes?


