File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes autentification Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "autentification" Watch "autentification" New topic


o ovi

Joined: Aug 25, 2003
Posts: 2
How do you protect directories on windows environment?
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Hi Ovi,

let me guess yout true question (since the text you type would usually noit fit into the Tomcat forum): How to protect directories from beeing exposed to the requesting http client (a.k.a. Browser).

For Tomcat it's a matter of dicipline: Generally you can see only the stuff in the webapps and it's subdirectory. So this is where your stuff goes to be visible. A special role
Bartender shoot me if I tell rubbish
has the WEB-INF directory. Is is always protected from being served back to the client. Content there needs to be picked up be the server (means: your Java code) and delivered to the client.

Besides that Tomcat (and/or Apache HTTP) comes with file protection. Check the docu.
BTW: Your question title "autentification" is wrong (and I don't mean the typo). Authentication only establishs WHO you are (by file, by LDAP, by DB). After that you have Authorithation, that can tell WHAT you can do. By default there is no authentication active, so you are known as "Anonymous" (I REALLY hope there is not a poor fellow on this planet named Paul Anonymous!). So all access to resources is handled by the access profile (= the check-list of permissions) of anonymous.
;-) stw
[ June 15, 2004: Message edited by: Stephan Wissel ]
I agree. Here's the link:
subject: autentification
It's not a secret anymore!