aspose file tools*
The moose likes Tomcat and the fly likes deny access to my webapps folders Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "deny access to my webapps folders" Watch "deny access to my webapps folders" New topic
Author

deny access to my webapps folders

Kartik Ruppa
Ranch Hand

Joined: Aug 28, 2002
Posts: 60
Hi ,
I have my application folder inside webapps of tomcat.
folder structure is something like this :

../webapps/TestApp/*.jsp
../webapps/TestApp/resource/test.html

When a user enters the http://www.domain.com/TestApp/resource on the browser,all the files/folders under resource are visible.How to avoid this?

Thanks in advance,
Kartik
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Assuming that you never want to allow direct browsing to the pages, you could move the 'resource' folder under WEB-INF and access them through methods on the Context like "getResourceAsStream()" or even through a include() or forward() request.

You might also write a servlet Filter that would selectively allow or deny access.

Alternately, you can use Apache in front of Tomcat, and restrict access with Apache web server settings.

If you're concerned about directory browsing, you can also turn this off in the Tomcat config. http://jakarta.apache.org/tomcat/faq/misc.html#listing
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 641
Also,you can create index.html or index.jsp saying "you are not permited to view this....bla bla.." and place in every directory..

Cheers
--Praful
[ July 22, 2004: Message edited by: Praful Thakare ]

All desirable things in life are either illegal, banned, expensive or married to someone else !!!
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: deny access to my webapps folders