| Author |
Restrict raw xhtml files from being typed in the browser directly
|
shiva kalyan
Greenhorn
Joined: Jun 11, 2008
Posts: 2
|
|
Hi All,
I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml
.
.
.
<security-constraint>
<display-name>Restrict XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
</security-constraint>
But when I gave the following url in my browser
http://localhost:<port no.>/<application>/<page-name>.xhtml
The xhtml page is getting displayed.
All xhtml files are in the root directory
javascript - folder
.
.
*.xhtml - files
.
.
WEB-INF - folder
|
 |
Venkat Sadasivam
Ranch Hand
Joined: May 10, 2008
Posts: 139
|
|
|
You can write a servlet filter to block all the *.xhtml access.
|
“Any fool can write code that a computer can understand. Good programmers write code that humans can understand. ”<br>
-Martin Fowler
|
|
shiva kalyan
Greenhorn
Joined: Jun 11, 2008
Posts: 2
|
|
Thanks Venkat for your reply.
<security-constraint> tag should restrict the url patterns specified,
is something wrong with the way i've specified in web.xml?
|
|
Tim Holloway
Saloon Keeper
Joined: Jun 25, 2001
Posts: 14572
|
|
Security constraints in web.xml only work if you're using container-based security. That means among other things that you have to have designed the webapp to let the server manage the authentication (login) and authorization processes. Which I recommend, but it's not appropriate in all cases.
The best way to hide the raw .xhtml is to put it underneath the WEB-INF directory. Files and directories inside WEB-INF are effectively invisible to external access.
|
Customer surveys are for companies who didn't pay proper attention to begin with.
|
|
 |
|
|
subject: Restrict raw xhtml files from being typed in the browser directly
|
|
|
0
