• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hide directories - web.xml setting?

 
K Riaz
Ranch Hand
Posts: 375
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I prevent a user from accessing some directories inside a webapp? I have some configuration XML items and these can be viewed by the browser if the full path is known. Is there a setting which I can add in web.xml for my webapp, which can display some sort of (404) error with a mapping to the directory?

Thanks.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13055
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you put your configuration items under the WEB-INF directory, Tomcat will not serve them. Thats the whole idea behind WEB-INF - concealed from browsers but available to applications. If you do this right your file locations will not be dependent on absolute file locations.
See the methods in javax.servlet.ServletContext such as getRealPath()

Bill
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic