How to Require Authentication for WebVoyage Email Functionality
- Product: Voyager
- Product Version: 9.2.1
- Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare
Description
By default the email functionality in WebVoyage, used for emailing WebVoyage results, does not require authentication. It is possible for this functionality to be abused.
Resolution
WebVoyage can be configured to require a user to authenticate before the email functionality may be used.
Procedure
This procedure will result in the user being prompted for authentication before the user will be able to send emails. This procedure requires access ot the server as the Voyager user as well as the ability to edit WebVoyage configuration files. If you are unable or uncomfortable with this procedure, please contact support before proceeding.
- Login to the server as the voyager user.
- Locate the vwebv web.xml file, this may be found at: /m1/voyager/XXXdb/tomcat/vwebv/context/vwebv/WEB-INF/web.xml
- Open this file in a text editor and locate the following segment:
<!--
**
** Only servlets that are available only to authenticated users
** need to be behind the Authentication Filter
**
-->
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
- After the line
<filter-name>Authentication Filter</filter-name>
add the following line:
<url-pattern>/sendMail.do</url-pattern>
- The full
<filter-mapping>
tag should now resemble:
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/sendmail.do</url-pattern>
<url-pattern>/addToList.do</url-pattern>
<url-pattern>/changePIN.do/*</url-pattern>
<url-pattern>/changePin/*</url-pattern>
<url-pattern>/changeSMSNumber.do/*</url-pattern>
<url-pattern>/deleteSearch.do</url-pattern>
<url-pattern>/delFromList.do</url-pattern>
<url-pattern>/editPreferences.do/*</url-pattern>
<url-pattern>/editPreferences/*</url-pattern>
<url-pattern>/getAuthScanDoc/*</url-pattern>
<url-pattern>/myAccount/*</url-pattern>
<url-pattern>/myList/*</url-pattern>
<url-pattern>/mySearch/*</url-pattern>
<url-pattern>/mySearchFormSubmit.do</url-pattern>
<url-pattern>/patronRequest/*</url-pattern>
<url-pattern>/patronRequests/*</url-pattern>
<url-pattern>/personalInformation/*</url-pattern>
<url-pattern>/saveSearchAdd.do</url-pattern>
<url-pattern>/saveSearchAlertAdd.do</url-pattern>
<url-pattern>/sendPatronRequest.do</url-pattern>
</filter-mapping>
- Save the change and restart tomcat to put the change into effect.
- Article last edited: 28-Nov-2017