This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes deny access to my webapps folders Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "deny access to my webapps folders" Watch "deny access to my webapps folders" New topic
Author

deny access to my webapps folders

Kartik Ruppa
Ranch Hand

Joined: Aug 28, 2002
Posts: 60
Hi ,
I have my application folder inside webapps of tomcat.
folder structure is something like this :

../webapps/TestApp/*.jsp
../webapps/TestApp/resource/test.html

When a user enters the http://www.domain.com/TestApp/resource on the browser,all the files/folders under resource are visible.How to avoid this?

Thanks in advance,
Kartik
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Assuming that you never want to allow direct browsing to the pages, you could move the 'resource' folder under WEB-INF and access them through methods on the Context like "getResourceAsStream()" or even through a include() or forward() request.

You might also write a servlet Filter that would selectively allow or deny access.

Alternately, you can use Apache in front of Tomcat, and restrict access with Apache web server settings.

If you're concerned about directory browsing, you can also turn this off in the Tomcat config. http://jakarta.apache.org/tomcat/faq/misc.html#listing
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 614
Also,you can create index.html or index.jsp saying "you are not permited to view this....bla bla.." and place in every directory..

Cheers
--Praful
[ July 22, 2004: Message edited by: Praful Thakare ]

All desirable things in life are either illegal, banned, expensive or married to someone else !!!
 
 
subject: deny access to my webapps folders
 
Similar Threads
tomcat problem
Requested Resource not available
HTTP Status 404 error.. Help required.
request URI doubt?
Referencing images in a servlet