• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Restrict Users Accessing Folders Under Root

 
Vijay Bharghav bheemineni
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,

Recently I had developed website, which I would be hosting online on Tomcat Server soon. I don't want users to access my resources under Root Context for example "Images","CSS", "Java Script" extra.

I know all resources under "/WEB-INF" are restricted but I don't want to keep them over there.

I can implement filters and based on URL I can reject the request but I want to find if there is any better way of doing this?.

Please advice.

Thanks in advance.

Vijay Bheemineni.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64715
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why? The browser needs access to these files and so your visitors can get them out of the cache even you somehow managed to restrict direct access.

Originally posted by Vijay Bharghav bheemineni:
I know all resources under "/WEB-INF" are restricted but I don't want to keep them over there.
You couldn't anyways. Doing so would prevent the browser from accessing them.

I can implement filters and based on URL I can reject the request
Again, no. The files must be accessible so the browser can access them as part of rendering the page.
[ July 05, 2008: Message edited by: Bear Bibeault ]
 
Vijay Bharghav bheemineni
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Bear, so you mean to say there is no way stopping users from accessing the content which is under "Root" but not under "/WEB-INF".
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64715
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Vijay Bharghav bheemineni:
so you mean to say there is no way stopping users from accessing the content which is under "Root" but not under "/WEB-INF".
Of course there is. But my point was that if you do so, then they can't be used at all. So what's the point?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic