File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to disable a particular directory while accessing thro' ibm httpserver ?

 
Siva Ram
Ranch Hand
Posts: 66
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
How to disable a directory kept under \\websphere\appserver\installedApps\Apps.ear\webmod.war\directorytobeprotected.
If we are going thro' servlet / jsp , the particular files kept in the 'dirtobeprotected' should be accessible to the application. But if any body access the particular files directly without going through servlet the files in the particular folder should not be viewed. This we can achieve if the files kept are jsps . But the files kept in the above folder 'dirtobeprotected' are .rpt(Crystal report files) files.
How to protect those files? Can any one help me to solve this............
 
Axel Janssen
Ranch Hand
Posts: 2166
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What about putting them into the WEB-INF - folder of your war-file?
This folder is only visible from inside the app.
Axel
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I haven't tested it in Websphere, but the spec states that the server should not be allowed to serve resources from the WEB-INF directory, so the problem is partialy solved, but the server may not allow it to serve JSPs from the WEB-INF directory at all.
This is the way Tomcat does it. ie You can store config files in the WEB-INF directory and access them via ClassLoaders etc, but you cannot .forward or .include resources in that directory - therefore I believe it may not solve the problem.
Anyone prepared to give it a try in Websphere?
Dave
 
Siva Ram
Ranch Hand
Posts: 66
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
For accessing reports, we have created the alias in the http server. This creates the problem. Whereever I am keeping the reports directory i.e "directorytobeprotected" in webmod.war or web-inf\classes , there will be no difference while accessing the files from http server. How can we disable this folder from outside parties if they do unauthorised access ? I am not able to provide security for *.rpt files since they are running in another crystal webserver ? Can anyone please help me to solve this......
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic