On Tue, Oct 12, 2004 at 09:01:04AM -0600, Robert Harper wrote:
: http://localhost:8080/ctimpact/usr/1234567890/.properties,
: I would get the contents of that file. This is not acceptable.
So far, so good.
What about putting the and inside
tags? That works for me:
Subscri
Message-
> From: QM [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 11, 2004 9:05 PM
> To: Tomcat Users List
> Subject: Re: Blocking access to static content
>
> On Mon, Oct 11, 2004 at 01:27:14PM -0600, Robert Harper wrote:
> : I tried filters but my filters were not
On Mon, Oct 11, 2004 at 01:27:14PM -0600, Robert Harper wrote:
: I tried filters but my filters were not always called.
It may be helpful to get to the root of why the filters weren't called.
What happened? What was in web.xml?
Better yet, just define security-constraints in web.xml and limit ac
You can put all your resources (images, jsp, ..) under the WEB-INF directory.
Arnaud.
> -Message d'origine-
> De : Robert Harper [mailto:[EMAIL PROTECTED]
> Envoyé : lundi 11 octobre 2004 21:27
> À : 'Tomcat Users List'
> Objet : RE: Blocking access to stati
I tried filters but my filters were not always called.
Robert S. Harper
801.265.8800 ex. 255
> -Original Message-
> From: QM [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 11, 2004 12:57 PM
> To: Tomcat Users List
> Subject: Re: Blocking access to static content
>
On Mon, Oct 11, 2004 at 12:39:13PM -0600, Robert Harper wrote:
: I have turned the listings off in the default servlet. Now how do I keep users
: from directly accessing anything outside of the defined servlets and JSP pages
: even if the user knows the path to the file?
Filters, filters, filters.
The best way is to place all protected content under WEB-INF.
-Tim
Robert Harper wrote:
I have turned the listings off in the default servlet. Now how do I keep users
from directly accessing anything outside of the defined servlets and JSP pages
even if the user knows the path to the file?
