aspose file tools*
The moose likes HTML, CSS and JavaScript and the fly likes Prevent static pages from being served by Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Prevent static pages from being served by Tomcat" Watch "Prevent static pages from being served by Tomcat" New topic
Author

Prevent static pages from being served by Tomcat

Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9349
    
    2

Guys,

I have a web application that has a couple of folders that contain static content (like javascript, css and a couple of jsp pages). I need to prevent direct access from outside to these files. I'm sure this must have been done by others a zillion times. What I want to know is that, is it a good idea to let this task to Apache web server or better to Tomcat?


SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60975
    
  65

If you prevent outside access, then the browser can't load the files either.

In other words, you can't. What are you really trying to accomplish?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9349
    
    2

I have some css files and javascript files directly under my web application root. When the user calls http://mywebapp.com/js/main.js, it would render the js and I want to avoid this.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60975
    
  65

Sorry, but if the browser can't read the files, what good are they?
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9349
    
    2

But the browser need not access it directly. Only the jsp page that the user requests will have access to those static files. But at the same time, I do not want to put them under WEB-INF.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60975
    
  65

Joe Harry wrote:But the browser need not access it directly.

Yes, it must. There is no difference between an HTML page requesting a resource and requesting it via the address var, The request is identical. You cannot prevent one without the other.

Only the jsp page that the user requests will have access to those static files

Incorrect, The JSP doesn't do anything except execute on the server to generate an HTML page. It's the HTML that then causes the browser to request any resources referenced within it.

But at the same time, I do not want to put them under WEB-INF.

Whether you want to or not is irrelevant. If you put them under WEB-INF, they cannot be used. So it's a moot point.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Prevent static pages from being served by Tomcat