tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre-John Mas <aj...@sympatico.ca>
Subject Re: Preventing access to directories?
Date Thu, 23 Jul 2009 03:05:34 GMT

On 22-Jul-2009, at 20:23, Andre-John Mas wrote:

> Hi,
>
> If I create a folder in the base of my web application, for example:
>
>  webapp/mydir
>
> can I prevent access to it?
>
> What I am wanting to do it create modules within my web application  
> that contain the associated components:
>
>  webapp/
>     module/
>       js/
>       css/
>       jsp/
>       img/
>
> The JSPs will be accessed via struts2, so I want to ensure that  
> someone typing:
>
>   http://../webapp/module/jsp/abc.jsp
>
> won't be able to access the resource. I know I could put the JSPs in  
> WEB-INF (it is what I do now), though I am wanting to explore  
> another way of organising and grouping related resource, for easier  
> management.
>

Turns out I can do the following:

    <security-constraint>
	 <web-resource-collection>
		<web-resource-name>JSP</web-resource-name>
		<description>Prevents access to .jsp files</description>
		<url-pattern>*.jsp</url-pattern>
       </web-resource-collection>
       <auth-constraint/>
    </security-constraint>

One other source suggested a filter. I have an answer to my question,  
now to see if it solves anything.

André
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message