You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Pham Anh Tuan <an...@ichi-corp.jp> on 2005/08/02 06:03:26 UTC
[HELP] How can deny access to folders at web app root
Hi all :)
I use Tomcat and Struts framework to build my web app.
I lay jsp document file at web app root.Such as cart and user.
something like:
/cart
/user
/WEB-INF/
....
When I run my web app, I could access /webapp/cart folder and /webapp/user folder from browser. All files in 2 folders above are listed.
I don't know there's any solution to deny access to cart and user folder? Should I configure Tomcat, do something like with httpd.conf file of Apache.
help me :(
Thanks for ur reading,
Pham
Re: [HELP] How can deny access to folders at web app root
Posted by Tamas Szabo <sz...@gmail.com>.
Hi,
Pham Anh Tuan wrote:
>Hi all :)
>
>I use Tomcat and Struts framework to build my web app.
>
>I lay jsp document file at web app root.Such as cart and user.
>
>something like:
>/cart
>/user
>/WEB-INF/
>....
>
>When I run my web app, I could access /webapp/cart folder and /webapp/user folder from browser. All files in 2 folders above are listed.
>
>I don't know there's any solution to deny access to cart and user folder? Should I configure Tomcat, do something like with httpd.conf file of Apache.
>
>help me :(
>
>
I don't know if it's acceptable for you but you could put the resources
that shouldn't be accessed directly from a browser in WEB-INF.
The servlet specs guarantees that the resources under WEB-INF cannot be
accessed directly.
You will be able to forward to these resources, so that's how you can
return the protected resources to the browser.
Tamas
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Tremal Nailk <tr...@gmail.com>.
2005/8/2, Pham Anh Tuan <an...@ichi-corp.jp>:
> oh, I use
> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> too,
> everything runs okie :)
>
yes, you're right, I misunderstood Paul's mail. Now it's working for me too :)
thanks
--
TREMALNAIK
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Pham Anh Tuan <an...@ichi-corp.jp>.
oh, I use
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class> too,
everything runs okie :)
I use Tomcat 4.1 ...
Pham
----- Original Message -----
From: "Tremal Nailk" <tr...@gmail.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, August 02, 2005 3:59 PM
Subject: Re: [HELP] How can deny access to folders at web app root
> 2005/8/2, Pham Anh Tuan <an...@ichi-corp.jp>:
>> Tremal, you said: it doesn't work for Strut's ActionServlet, what you
>> mean ?
>
> I mean, Paul's example is valid for Catalina DefaultServlet:
>
> <servlet-class>
> org.apache.catalina.servlets.DefaultServlet
> </servlet-class>
>
> as you can see here:
>
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/default-servlet.html
>
> But I'm using the Struts ActionServlet as controller:
>
> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
>
> It does not accept 'listings' as init-param, so I was asking for an
> analogue.
>
> Bye
>
> --
> TREMALNAIK
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Tremal Nailk <tr...@gmail.com>.
2005/8/2, Pham Anh Tuan <an...@ichi-corp.jp>:
> Tremal, you said: it doesn't work for Strut's ActionServlet, what you mean ?
I mean, Paul's example is valid for Catalina DefaultServlet:
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
as you can see here:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/default-servlet.html
But I'm using the Struts ActionServlet as controller:
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
It does not accept 'listings' as init-param, so I was asking for an analogue.
Bye
--
TREMALNAIK
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Pham Anh Tuan <an...@ichi-corp.jp>.
Tremal, you said: it doesn't work for Strut's ActionServlet, what you mean ?
----- Original Message -----
From: "Tremal Nailk" <tr...@gmail.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, August 02, 2005 3:30 PM
Subject: Re: [HELP] How can deny access to folders at web app root
> 2005/8/2, Paul Benedict <pa...@yahoo.com>:
>> <init-param>
>> <param-name>listings</param-name>
>> --> <param-value>false</param-value>
>> </init-param>
>
> I think it's useful, but it doesn't work for Strut's ActionServlet. Is
> there an easy equivalent for it, beside using filters?
>
>
> Thanks,
>
> --
> TREMALNAIK
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Tremal Nailk <tr...@gmail.com>.
2005/8/2, Paul Benedict <pa...@yahoo.com>:
> <init-param>
> <param-name>listings</param-name>
> --> <param-value>false</param-value>
> </init-param>
I think it's useful, but it doesn't work for Strut's ActionServlet. Is
there an easy equivalent for it, beside using filters?
Thanks,
--
TREMALNAIK
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Pham Anh Tuan <an...@ichi-corp.jp>.
Thanks to Tamas, if do like what you instruct me, what about Image
resources? I couldn't access to view them if I use code in jsp file. Such
as: <img src=""/> :(
The solution of Paul solved my problem :)
HTTP Status 404 - /auctionsystem/images/
--------------------------------------------------------------------------------
type Status report
message /auctionsystem/images/
description The requested resource (/auctionsystem/images/) is not
available.
--------------------------------------------------------------------------------
Apache Tomcat/4.1.31
Thanks to you all :)
Pham
----- Original Message -----
From: "Paul Benedict" <pa...@yahoo.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, August 02, 2005 11:17 AM
Subject: Re: [HELP] How can deny access to folders at web app root
> Pham,
>
> Go into your Tomcat/conf directory and edit the
> default web.xml. You want to turn directory listings
> off from the default servlet:
>
> <servlet>
> <servlet-name>default</servlet-name>
> <servlet-class>
> org.apache.catalina.servlets.DefaultServlet
> </servlet-class>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>listings</param-name>
> --> <param-value>false</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
>
> God bless,
> Paul
>
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>0
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [HELP] How can deny access to folders at web app root
Posted by Paul Benedict <pa...@yahoo.com>.
Pham,
Go into your Tomcat/conf directory and edit the
default web.xml. You want to turn directory listings
off from the default servlet:
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
--> <param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
God bless,
Paul
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org