tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kim <>
Subject Re: restrict per user public_html to serve static files only...
Date Wed, 27 Jun 2012 06:57:20 GMT
Thanks for the advice. I do implement a Valve class to capture all the
request before forwarding to actual web app. However, I can not know
in advance the actual url for the servlet or JSP ..
i.e. I can not know from the URI  in the Valve class that the
resources is static files or servlet ...

2012/6/27 André Warnier <>:
> Kim wrote:
>> Hi, Dear all
>> I'm using tomcat 6.0.35 on linux CentOS 5.7 using sun jdk jdk1.5.0_11.
>> I need to enable public_html for my user but for security reason, I
>> would like restrict the functions to serve static files only.
>> Can anyone tell me how to do that ?
>> Actually I can build tomcat from src and don't mind modify the code
>> base for this specific feature.
>> Can anyone help me to point out which source file I should modify ...
>> Regards,
>> Kim
> Modifying the Tomcat code base for this seems to me a heavy, non-portable,
> non-maintainable, non-upgradable solution.
> You could this with a very simple (*) Servlet Filter.  One may already exist
> which does that.
> I'd be surprised if you couldn't do that with, for example, the URLRewrite
> filter.
> Rewrite URLs that do not point to static pages, to some error page URL, et
> voila.
> (better : rewrite all /public_html/* URLs to the error page, /except/ if
> they end in \.(xxx|yyy|zzz))
> (*) and light and portable and maintainable and upgradable
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message