Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    How to Require Authentication for WebVoyage Email Functionality

    • Product: Voyager
    • Product Version: 9.2.1
    • Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare

     

    Description

    By default the email functionality in WebVoyage, used for emailing WebVoyage results, does not require authentication. It is possible for this functionality to be abused. 

    Resolution

    WebVoyage can be configured to require a user to authenticate before the email functionality may be used.

    Procedure

    This procedure will result in the user being prompted for authentication before the user will be able to send emails. This procedure requires access ot the server as the Voyager user as well as the ability to edit WebVoyage configuration files. If you are unable or uncomfortable with this procedure, please contact support before proceeding.

    1. Login to the server as the voyager user.
    2. Locate the vwebv web.xml file, this may be found at: /m1/voyager/XXXdb/tomcat/vwebv/context/vwebv/WEB-INF/web.xml
    3. Open this file in a text editor and locate the following segment:

     <!--
        **
        ** Only servlets that are available only to authenticated users
        ** need to be behind the Authentication Filter
        **
         -->
        <filter-mapping>
            <filter-name>Authentication Filter</filter-name>

    1. After the line <filter-name>Authentication Filter</filter-name> add the following line:

    <url-pattern>/sendMail.do</url-pattern>

    1. The full <filter-mapping>tag should now resemble:

        <filter-mapping>
            <filter-name>Authentication Filter</filter-name>
            <url-pattern>/sendmail.do</url-pattern>
            <url-pattern>/addToList.do</url-pattern>
            <url-pattern>/changePIN.do/*</url-pattern>
            <url-pattern>/changePin/*</url-pattern>
            <url-pattern>/changeSMSNumber.do/*</url-pattern>
            <url-pattern>/deleteSearch.do</url-pattern>
            <url-pattern>/delFromList.do</url-pattern>
            <url-pattern>/editPreferences.do/*</url-pattern>
            <url-pattern>/editPreferences/*</url-pattern>
            <url-pattern>/getAuthScanDoc/*</url-pattern>
            <url-pattern>/myAccount/*</url-pattern>
            <url-pattern>/myList/*</url-pattern>
            <url-pattern>/mySearch/*</url-pattern>
            <url-pattern>/mySearchFormSubmit.do</url-pattern>
            <url-pattern>/patronRequest/*</url-pattern>
            <url-pattern>/patronRequests/*</url-pattern>
            <url-pattern>/personalInformation/*</url-pattern>
            <url-pattern>/saveSearchAdd.do</url-pattern>
            <url-pattern>/saveSearchAlertAdd.do</url-pattern>
            <url-pattern>/sendPatronRequest.do</url-pattern>
        </filter-mapping>

    1. Save the change and restart tomcat to put the change into effect.

    • Article last edited: 28-Nov-2017