
Restrict raw xhtml files from being typed in the browser directly

 
shiva kalyan
Greenhorn
Posts: 2
Hi All,
I want to restrict raw XHTML documents from being directly accessed.
I've added the security-constraint in the web.xml:

.
.
.
<security-constraint>
<display-name>Restrict XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
</security-constraint>


But when I gave the following URL in my browser
http://localhost:<port no.>/<application>/<page-name>.xhtml

The xhtml page is getting displayed.


All xhtml files are in the root directory

javascript - folder
.
.
*.xhtml - files
.
.
WEB-INF - folder
 
Venkat Sadasivam
Ranch Hand
Posts: 139
You can write a servlet filter to block all the *.xhtml access.
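
The servlet-filter approach suggested in the reply above, as an added example that is not part of the original thread. It assumes a Servlet 3.0+ container with the `javax.servlet` API and a Faces servlet mapped to something other than `*.xhtml`; the class name `RawXhtmlBlockFilter` is hypothetical.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name (added example, not code from the thread).
// Mapped to every path so the suffix test below decides, and limited to
// REQUEST dispatch so server-side forwards and includes are not affected.
@WebFilter(urlPatterns = "/*", dispatcherTypes = DispatcherType.REQUEST)
public class RawXhtmlBlockFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Build the path from the container-decoded servletPath and pathInfo
        // rather than getRequestURI(), which is the raw, still-encoded URI.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        // Case-insensitive match: on a case-insensitive file system a request
        // for "page.XHTML" could otherwise be served as a static file.
        if (path.toLowerCase(Locale.ROOT).endsWith(".xhtml")) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

If the Faces servlet itself is mapped to `*.xhtml`, this filter would block the rendered pages as well, so it only fits deployments where views are requested through a different mapping.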
 
shiva kalyan
Greenhorn
Posts: 2
Thanks Venkat for your reply.

The <security-constraint> tag should restrict the URL patterns specified.
Is something wrong with the way I've specified it in web.xml?
 
Tim Holloway
Saloon Keeper
Posts: 18020
Security constraints in web.xml only work if you're using container-based security. That means among other things that you have to have designed the webapp to let the server manage the authentication (login) and authorization processes. Which I recommend, but it's not appropriate in all cases.

The best way to hide the raw .xhtml is to put it underneath the WEB-INF directory. Files and directories inside WEB-INF are effectively invisible to external access.
 