Two Laptop Bag*
The moose likes Tomcat and the fly likes Access restriction with Tomcat 5.5/6.0 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Access restriction with Tomcat 5.5/6.0" Watch "Access restriction with Tomcat 5.5/6.0" New topic
Author

Access restriction with Tomcat 5.5/6.0

Sridhar Venkataraman
Ranch Hand

Joined: May 22, 2006
Posts: 76
Hi all,

I have some experience with building web applications that are placed in the Tomcat container, but I have rarely given much importance to security.

I would like to know more about the following functionalities and how they work in Tomcat. Some links to good references will do fine as well.

a.) Restricting direct access to a particular file/folder present in the web application's directory at any hierarchial level.
b.) Restricting direct access to file(s) with a particular extension (and it can be any extension, not the ones we usually encounter like .txt, .html etc.)

By direct access, I mean a person should not be able to get to the resource/file by typing it's url/path on the container.

Thanks!
[ May 16, 2008: Message edited by: Sridhar Venkataraman ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

In our CodeBarn, under the servlets section, there is a demo project named SimpleStream. This shows how to stream files (in this case, images) from under the WEB-INF directory using a servlet.

Because files under WEB-INF can not be accessed directly from the web, this gives you control what is served up and what is not.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41108
    
  45
If you still want someone with the right credentials to be able to access those files -if effect password-protecting them- then servlet security may be what you're looking for. The http://faq.javaranch.com/java/ServletsFaq#security page has some pointers to get you started with that.


Ping & DNS - my free Android networking tools app
Sridhar Venkataraman
Ranch Hand

Joined: May 22, 2006
Posts: 76
Thank you for your responses.

Is that the best starting point for a complete novice to this? Or is there something simpler I should look into first?
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Access restriction with Tomcat 5.5/6.0
 
Similar Threads
new to jsp
Mistakenly changed web.xml
basics of container and ports behaviour
allowing access to pages by IP address/server.xml
Difference b/w .jar, .ear, .war ?