File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Hide directories - web.xml setting? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Hide directories - web.xml setting?" Watch "Hide directories - web.xml setting?" New topic

Hide directories - web.xml setting?

K Riaz
Ranch Hand

Joined: Jan 08, 2005
Posts: 375
How can I prevent a user from accessing some directories inside a webapp? I have some configuration XML items and these can be viewed by the browser if the full path is known. Is there a setting which I can add in web.xml for my webapp, which can display some sort of (404) error with a mapping to the directory?

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 13035
If you put your configuration items under the WEB-INF directory, Tomcat will not serve them. Thats the whole idea behind WEB-INF - concealed from browsers but available to applications. If you do this right your file locations will not be dependent on absolute file locations.
See the methods in javax.servlet.ServletContext such as getRealPath()

I agree. Here's the link:
subject: Hide directories - web.xml setting?
It's not a secret anymore!