aspose file tools*
The moose likes Websphere and the fly likes How to disable a particular directory while accessing thro' ibm httpserver ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "How to disable a particular directory while accessing thro Watch "How to disable a particular directory while accessing thro New topic
Author

How to disable a particular directory while accessing thro' ibm httpserver ?

Siva Ram
Ranch Hand

Joined: Apr 04, 2002
Posts: 66
Hi,
How to disable a directory kept under \\websphere\appserver\installedApps\Apps.ear\webmod.war\directorytobeprotected.
If we are going thro' servlet / jsp , the particular files kept in the 'dirtobeprotected' should be accessible to the application. But if any body access the particular files directly without going through servlet the files in the particular folder should not be viewed. This we can achieve if the files kept are jsps . But the files kept in the above folder 'dirtobeprotected' are .rpt(Crystal report files) files.
How to protect those files? Can any one help me to solve this............


Thanks and Regards,<br />Siva Ram .NR
Axel Janssen
Ranch Hand

Joined: Jan 08, 2001
Posts: 2164
What about putting them into the WEB-INF - folder of your war-file?
This folder is only visible from inside the app.
Axel
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I haven't tested it in Websphere, but the spec states that the server should not be allowed to serve resources from the WEB-INF directory, so the problem is partialy solved, but the server may not allow it to serve JSPs from the WEB-INF directory at all.
This is the way Tomcat does it. ie You can store config files in the WEB-INF directory and access them via ClassLoaders etc, but you cannot .forward or .include resources in that directory - therefore I believe it may not solve the problem.
Anyone prepared to give it a try in Websphere?
Dave
Siva Ram
Ranch Hand

Joined: Apr 04, 2002
Posts: 66
Hi,
For accessing reports, we have created the alias in the http server. This creates the problem. Whereever I am keeping the reports directory i.e "directorytobeprotected" in webmod.war or web-inf\classes , there will be no difference while accessing the files from http server. How can we disable this folder from outside parties if they do unauthorised access ? I am not able to provide security for *.rpt files since they are running in another crystal webserver ? Can anyone please help me to solve this......
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to disable a particular directory while accessing thro' ibm httpserver ?