Hi, How to disable a directory kept under \\websphere\appserver\installedApps\Apps.ear\webmod.war\directorytobeprotected. If we are going thro' servlet / jsp , the particular files kept in the 'dirtobeprotected' should be accessible to the application. But if any body access the particular files directly without going through servlet the files in the particular folder should not be viewed. This we can achieve if the files kept are jsps . But the files kept in the above folder 'dirtobeprotected' are .rpt(Crystal report files) files. How to protect those files? Can any one help me to solve this............
I haven't tested it in Websphere, but the spec states that the server should not be allowed to serve resources from the WEB-INF directory, so the problem is partialy solved, but the server may not allow it to serve JSPs from the WEB-INF directory at all. This is the way Tomcat does it. ie You can store config files in the WEB-INF directory and access them via ClassLoaders etc, but you cannot .forward or .include resources in that directory - therefore I believe it may not solve the problem. Anyone prepared to give it a try in Websphere? Dave
Joined: Apr 04, 2002
Hi, For accessing reports, we have created the alias in the http server. This creates the problem. Whereever I am keeping the reports directory i.e "directorytobeprotected" in webmod.war or web-inf\classes , there will be no difference while accessing the files from http server. How can we disable this folder from outside parties if they do unauthorised access ? I am not able to provide security for *.rpt files since they are running in another crystal webserver ? Can anyone please help me to solve this......