You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Luiz Ricardo <lu...@itx.com.br> on 2002/12/11 17:12:33 UTC
Deny access to directory of a web-app
Hi everybody,
I'd like to know if there's anyway to deny acess to a specific directory of
a web-app using only TomCat through config in web.xml. Example, in a web-app
"test" there's a directory called "conf" (<CATALINA_HOME>/webapps/test/conf)
with some configurations file so I don´t want users accessing this directory
via URL.
I tried to use <security-constraint> but I cannot do so much.
Luiz Ricardo
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Deny access to directory of a web-app
Posted by Luiz Ricardo <lu...@itx.com.br>.
Hi,
I could do that but the localization of this dir is a requirement for my
application run, it's kinda "legacy problem".
I was thinking of mapping the url "/conf" to a servlet that returns a 404
HTTP Message.
Luiz Ricardo
----- Original Message -----
From: "Jacob Kjome" <ho...@visi.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, December 11, 2002 3:30 PM
Subject: Re: Deny access to directory of a web-app
> Hello Luiz,
>
> Why don't you put your "conf" directory under WEB-INF? That is
> restricted by default. Your app will still have complete programmatic
> access to it, but it won't be accessible via the web which is exactly
> what you want.
>
> Jake
>
> Wednesday, December 11, 2002, 10:12:33 AM, you wrote:
>
> LR> Hi everybody,
>
> LR> I'd like to know if there's anyway to deny acess to a specific
directory of
> LR> a web-app using only TomCat through config in web.xml. Example, in a
web-app
> LR> "test" there's a directory called "conf"
(<CATALINA_HOME>/webapps/test/conf)
> LR> with some configurations file so I don´t want users accessing this
directory
> LR> via URL.
>
> LR> I tried to use <security-constraint> but I cannot do so much.
>
> LR> Luiz Ricardo
>
>
> LR> --
> LR> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> LR> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
>
> --
> Best regards,
> Jacob mailto:hoju@visi.com
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Deny access to directory of a web-app
Posted by Jacob Kjome <ho...@visi.com>.
Hello Luiz,
Why don't you put your "conf" directory under WEB-INF? That is
restricted by default. Your app will still have complete programmatic
access to it, but it won't be accessible via the web which is exactly
what you want.
Jake
Wednesday, December 11, 2002, 10:12:33 AM, you wrote:
LR> Hi everybody,
LR> I'd like to know if there's anyway to deny acess to a specific directory of
LR> a web-app using only TomCat through config in web.xml. Example, in a web-app
LR> "test" there's a directory called "conf" (<CATALINA_HOME>/webapps/test/conf)
LR> with some configurations file so I don´t want users accessing this directory
LR> via URL.
LR> I tried to use <security-constraint> but I cannot do so much.
LR> Luiz Ricardo
LR> --
LR> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
LR> For additional commands, e-mail: <ma...@jakarta.apache.org>
--
Best regards,
Jacob mailto:hoju@visi.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>