tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: restrict per user public_html to serve static files only...
Date Wed, 27 Jun 2012 06:45:18 GMT
Kim wrote:

> Hi, Dear all
> I'm using tomcat 6.0.35 on linux CentOS 5.7 using sun jdk jdk1.5.0_11.
> I need to enable public_html for my user but for security reason, I
> would like restrict the functions to serve static files only.
> Can anyone tell me how to do that ?
> Actually I can build tomcat from src and don't mind modify the code
> base for this specific feature.
> Can anyone help me to point out which source file I should modify ...
> Regards,
> Kim

Modifying the Tomcat code base for this seems to me a heavy, non-portable, 
non-maintainable, non-upgradable solution.
You could this with a very simple (*) Servlet Filter.  One may already exist which does that.
I'd be surprised if you couldn't do that with, for example, the URLRewrite filter.
Rewrite URLs that do not point to static pages, to some error page URL, et voila.
(better : rewrite all /public_html/* URLs to the error page, /except/ if they end in 

(*) and light and portable and maintainable and upgradable

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message