File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Prevent static pages from being served by Tomcat

 
Joe Harry
Ranch Hand
Posts: 10047
3
Eclipse IDE Mac PPC Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Guys,

I have a web application that has a couple of folders that contain static content (like javascript, css and a couple of jsp pages). I need to prevent direct access from outside to these files. I'm sure this must have been done by others a zillion times. What I want to know is that, is it a good idea to let this task to Apache web server or better to Tomcat?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64196
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you prevent outside access, then the browser can't load the files either.

In other words, you can't. What are you really trying to accomplish?
 
Joe Harry
Ranch Hand
Posts: 10047
3
Eclipse IDE Mac PPC Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have some css files and javascript files directly under my web application root. When the user calls http://mywebapp.com/js/main.js, it would render the js and I want to avoid this.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64196
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, but if the browser can't read the files, what good are they?
 
Joe Harry
Ranch Hand
Posts: 10047
3
Eclipse IDE Mac PPC Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But the browser need not access it directly. Only the jsp page that the user requests will have access to those static files. But at the same time, I do not want to put them under WEB-INF.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64196
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Joe Harry wrote:But the browser need not access it directly.

Yes, it must. There is no difference between an HTML page requesting a resource and requesting it via the address var, The request is identical. You cannot prevent one without the other.

Only the jsp page that the user requests will have access to those static files

Incorrect, The JSP doesn't do anything except execute on the server to generate an HTML page. It's the HTML that then causes the browser to request any resources referenced within it.

But at the same time, I do not want to put them under WEB-INF.

Whether you want to or not is irrelevant. If you put them under WEB-INF, they cannot be used. So it's a moot point.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic