Thanks for the pointer, I have tried to implement it and while I had great results with the protection of a database query, I am struggling to protect a whole STATIC page, where the page content itself should not be shown to unauthorized users, again I am referring to the page itself, not the dynamic data generated by an SQL query.
Please have a look to my simple example:
As you can easily see, I am trying to restrict access to the page called “staticSecretContent.html”.
In order to achieve my expected result, I have used Server Connect and connected the page to the Action “redirectUnauthorized”, NOTE that I have set the property Login URL to the login page, so I am EXPECTING (but it does not work) that if the user is not authorized, the user is redirected to the login page. The action is very simple and it consists in a simple Security Provider step and the following step is the Security Restrict. For simplicity, the Security Provider is of Type Single and the user and password is declared within the Security Provider as follow:
Unfortunately, instead of having unauthorized users redirected to the login page, the “staticSecretContent.html” is shown in full.
From the browser developer tools I can see that the application is calling the page login as expected, however it is using an XHR redirect that is not returning any visible content as such the restriction is not effective and it is not producing the expected result, which I repeat is to fully protect the static page content.
As you can see from the Inspect tab, all seems fine, my example should work, instead I am getting the secret content fully disclosed…
Please help.