This week's book giveaways are in the iOS and Features new in Java 8 forums.
We're giving away four copies each of Barcodes with iOS: Bringing together the digital and physical worlds and Core Java for the Impatient and have the authors on-line!
See this thread and this one for details.
The moose likes Tomcat and the fly likes Hide directories - web.xml setting? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Barcodes with iOS this week in the iOS forum
or Core Java for the Impatient in the Java 8 forum!

JavaRanch » Java Forums » Products » Tomcat
Bookmark "Hide directories - web.xml setting?" Watch "Hide directories - web.xml setting?" New topic

Hide directories - web.xml setting?

K Riaz
Ranch Hand

Joined: Jan 08, 2005
Posts: 375
How can I prevent a user from accessing some directories inside a webapp? I have some configuration XML items and these can be viewed by the browser if the full path is known. Is there a setting which I can add in web.xml for my webapp, which can display some sort of (404) error with a mapping to the directory?

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 12888
If you put your configuration items under the WEB-INF directory, Tomcat will not serve them. Thats the whole idea behind WEB-INF - concealed from browsers but available to applications. If you do this right your file locations will not be dependent on absolute file locations.
See the methods in javax.servlet.ServletContext such as getRealPath()

I agree. Here's the link:
subject: Hide directories - web.xml setting?