tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From QM <>
Subject Re: Reject access to some files
Date Mon, 13 Jun 2005 10:48:34 GMT
On Mon, Jun 13, 2005 at 06:57:21AM +0200, Rene Guenther wrote:
: how to reject access to files? E.g. I got property files and war files in my
: root directory and I they must not be readable via HTTP Request.

Use a servlet filter.

Also, you received some sage advice from another poster: put your
properties files, or anything else you don't want served to clients,
under WEB-INF. 

I don't have the servlet spec in front of me right now, but I'm pretty
sure it mandates that compliant containers don't (directly) serve files
out of WEB-INF to clients.

So you could use a filter as a holdover, then move your files under

(As a side note, how are you loading these properties files?  If you put
them under WEB-INF/classes, you can use the classloader...)



software   --
tech news  --
code scan  --

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message