On 22-Jul-2009, at 20:23, Andre-John Mas wrote:
Hi,
If I create a folder in the base of my web application, for example:
webapp/mydir
can I prevent access to it?
What I am wanting to do it create modules within my web application
that contain the associated components:
webapp/
module/
js/
css/
jsp/
img/
The JSPs will be accessed via struts2, so I want to ensure that
someone typing:
http://../webapp/module/jsp/abc.jsp
won't be able to access the resource. I know I could put the JSPs in
WEB-INF (it is what I do now), though I am wanting to explore
another way of organising and grouping related resource, for easier
management.
Turns out I can do the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>JSP</web-resource-name>
<description>Prevents access to .jsp files</description>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
One other source suggested a filter. I have an answer to my question,
now to see if it solves anything.
André
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
