File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes deny access to my webapps folders Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "deny access to my webapps folders" Watch "deny access to my webapps folders" New topic

deny access to my webapps folders

Kartik Ruppa
Ranch Hand

Joined: Aug 28, 2002
Posts: 60
Hi ,
I have my application folder inside webapps of tomcat.
folder structure is something like this :


When a user enters the on the browser,all the files/folders under resource are visible.How to avoid this?

Thanks in advance,
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Assuming that you never want to allow direct browsing to the pages, you could move the 'resource' folder under WEB-INF and access them through methods on the Context like "getResourceAsStream()" or even through a include() or forward() request.

You might also write a servlet Filter that would selectively allow or deny access.

Alternately, you can use Apache in front of Tomcat, and restrict access with Apache web server settings.

If you're concerned about directory browsing, you can also turn this off in the Tomcat config.
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 642
Also,you can create index.html or index.jsp saying "you are not permited to view this....bla bla.." and place in every directory..

[ July 22, 2004: Message edited by: Praful Thakare ]

All desirable things in life are either illegal, banned, expensive or married to someone else !!!
I agree. Here's the link:
subject: deny access to my webapps folders
jQuery in Action, 3rd edition