You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Pham Anh Tuan <an...@ichi-corp.jp> on 2005/08/02 06:03:26 UTC

[HELP] How can deny access to folders at web app root

Hi all :)

I use Tomcat and Struts framework to build my web app.

I lay jsp document file at web app root.Such as cart and user.

something like:
/cart
/user
/WEB-INF/
....

When I run my web app, I could access /webapp/cart folder and /webapp/user folder from browser. All files in 2 folders above are listed.

I don't know there's any solution to deny access to cart and user folder? Should I configure Tomcat, do something like with httpd.conf file of Apache.

help me :(

Thanks for ur reading,

Pham

Re: [HELP] How can deny access to folders at web app root

Posted by Tamas Szabo <sz...@gmail.com>.

Hi,

Pham Anh Tuan wrote:

>Hi all :)
>
>I use Tomcat and Struts framework to build my web app.
>
>I lay jsp document file at web app root.Such as cart and user.
>
>something like:
>/cart
>/user
>/WEB-INF/
>....
>
>When I run my web app, I could access /webapp/cart folder and /webapp/user folder from browser. All files in 2 folders above are listed.
>
>I don't know there's any solution to deny access to cart and user folder? Should I configure Tomcat, do something like with httpd.conf file of Apache.
>
>help me :(
>  
>
I don't know if it's acceptable for you but you could put the resources 
that shouldn't be accessed directly from a browser in WEB-INF.
The servlet specs guarantees that the resources under WEB-INF cannot be 
accessed directly.

You will be able to forward to these resources, so that's how you can 
return the protected resources to the browser.

Tamas


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Tremal Nailk <tr...@gmail.com>.

2005/8/2, Pham Anh Tuan <an...@ichi-corp.jp>:
> oh, I use
> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> too,
> everything runs okie :)
> 


yes, you're right, I misunderstood Paul's mail. Now it's working for me too :)

thanks

-- 
TREMALNAIK

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Pham Anh Tuan <an...@ichi-corp.jp>.

oh, I use 
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class> too, 
everything runs okie :)

I use Tomcat 4.1 ...

Pham
----- Original Message ----- 
From: "Tremal Nailk" <tr...@gmail.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, August 02, 2005 3:59 PM
Subject: Re: [HELP] How can deny access to folders at web app root


> 2005/8/2, Pham Anh Tuan <an...@ichi-corp.jp>:
>> Tremal, you said: it doesn't work for Strut's ActionServlet, what you 
>> mean ?
>
> I mean, Paul's example is valid for Catalina DefaultServlet:
>
> <servlet-class>
>   org.apache.catalina.servlets.DefaultServlet
> </servlet-class>
>
> as you can see here:
>
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/default-servlet.html
>
> But I'm using the Struts ActionServlet as controller:
>
> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
>
> It does not accept 'listings' as init-param, so I was asking for an 
> analogue.
>
> Bye
>
> -- 
> TREMALNAIK
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Tremal Nailk <tr...@gmail.com>.

2005/8/2, Pham Anh Tuan <an...@ichi-corp.jp>:
> Tremal, you said: it doesn't work for Strut's ActionServlet, what you mean ?

I mean, Paul's example is valid for Catalina DefaultServlet:

<servlet-class>
   org.apache.catalina.servlets.DefaultServlet
</servlet-class>

as you can see here:

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/default-servlet.html

But I'm using the Struts ActionServlet as controller:

<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

It does not accept 'listings' as init-param, so I was asking for an analogue.

Bye  

-- 
TREMALNAIK

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Pham Anh Tuan <an...@ichi-corp.jp>.

Tremal, you said: it doesn't work for Strut's ActionServlet, what you mean ?

----- Original Message ----- 
From: "Tremal Nailk" <tr...@gmail.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, August 02, 2005 3:30 PM
Subject: Re: [HELP] How can deny access to folders at web app root


> 2005/8/2, Paul Benedict <pa...@yahoo.com>:
>>        <init-param>
>>            <param-name>listings</param-name>
>> -->         <param-value>false</param-value>
>>        </init-param>
> 
> I think it's useful, but it doesn't work for Strut's ActionServlet. Is
> there an easy equivalent for it, beside using filters?
> 
> 
> Thanks,
> 
> -- 
> TREMALNAIK
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Tremal Nailk <tr...@gmail.com>.

2005/8/2, Paul Benedict <pa...@yahoo.com>:
>        <init-param>
>            <param-name>listings</param-name>
> -->         <param-value>false</param-value>
>        </init-param>

I think it's useful, but it doesn't work for Strut's ActionServlet. Is
there an easy equivalent for it, beside using filters?


Thanks,

-- 
TREMALNAIK

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Pham Anh Tuan <an...@ichi-corp.jp>.

Thanks to Tamas, if do like what you instruct me, what about Image 
resources? I couldn't access to view them if I use code in jsp file. Such 
as: <img src=""/> :(

The solution of Paul solved my problem :)


HTTP Status 404 - /auctionsystem/images/

--------------------------------------------------------------------------------

type Status report

message /auctionsystem/images/

description The requested resource (/auctionsystem/images/) is not 
available.


--------------------------------------------------------------------------------

Apache Tomcat/4.1.31

Thanks to you all :)

Pham
----- Original Message ----- 
From: "Paul Benedict" <pa...@yahoo.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, August 02, 2005 11:17 AM
Subject: Re: [HELP] How can deny access to folders at web app root


> Pham,
>
> Go into your Tomcat/conf directory and edit the
> default web.xml. You want to turn directory listings
> off from the default servlet:
>
>    <servlet>
>        <servlet-name>default</servlet-name>
>        <servlet-class>
>          org.apache.catalina.servlets.DefaultServlet
>        </servlet-class>
>        <init-param>
>            <param-name>debug</param-name>
>            <param-value>0</param-value>
>        </init-param>
>        <init-param>
>            <param-name>listings</param-name>
> -->         <param-value>false</param-value>
>        </init-param>
>        <load-on-startup>1</load-on-startup>
>    </servlet>
>
> God bless,
> Paul
>
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>0 



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [HELP] How can deny access to folders at web app root

Posted by Paul Benedict <pa...@yahoo.com>.

Pham,

Go into your Tomcat/conf directory and edit the
default web.xml. You want to turn directory listings
off from the default servlet:

    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>
          org.apache.catalina.servlets.DefaultServlet
        </servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
-->         <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

God bless,
Paul



		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org