Access restriction with Tomcat 5.5/6.0

Sridhar Venkataraman
Ranch Hand

Joined: May 22, 2006
Posts: 76
Hi all,

I have some experience with building web applications that are placed in the Tomcat container, but I have rarely given much importance to security.

I would like to know more about the following functionalities and how they work in Tomcat. Some links to good references will do fine as well.

a.) Restricting direct access to a particular file/folder present in the web application's directory at any hierarchical level.
b.) Restricting direct access to file(s) with a particular extension (and it can be any extension, not the ones we usually encounter like .txt, .html etc.)

By direct access, I mean a person should not be able to get to the resource/file by typing its URL/path on the container.

[ May 16, 2008: Message edited by: Sridhar Venkataraman ]
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

In our CodeBarn, under the servlets section, there is a demo project named SimpleStream. This shows how to stream files (in this case, images) from under the WEB-INF directory using a servlet.

Because files under WEB-INF cannot be accessed directly from the web, this gives you control over what is served up and what is not.

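The WEB-INF streaming approach described in the post above, sketched as an added example (this is not the CodeBarn SimpleStream code). The class name, the `/WEB-INF/protected/` directory, the `/files/*` mapping and the `user` session attribute are all assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; assumed to be mapped to /files/* in web.xml.
public class ProtectedFileServlet extends HttpServlet {
    // Assumed directory. The container never serves anything under WEB-INF directly.
    private static final String BASE = "/WEB-INF/protected/";
    // A single plain file name: no slashes, no backslashes, no leading dot.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}");

    static boolean isSafeName(String name) {
        return name != null && SAFE_NAME.matcher(name).matches()
                && name.indexOf("..") < 0;   // also reject "a..b" style names
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String pathInfo = req.getPathInfo();   // "/report.dat" for /files/report.dat
        String name = (pathInfo == null) ? null : pathInfo.substring(1);
        if (!isSafeName(name)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Placeholder authorization: the "user" session attribute is an assumption;
        // replace it with your own check (for example a container role).
        if (req.getSession(false) == null
                || req.getSession(false).getAttribute("user") == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        InputStream in = getServletContext().getResourceAsStream(BASE + name);
        if (in == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        try {
            String type = getServletContext().getMimeType(name);
            resp.setContentType(type != null ? type : "application/octet-stream");
            OutputStream out = resp.getOutputStream();
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        } finally {
            in.close();
        }
    }
}
```

Because the file name is checked against an allowlist before it is appended to the base path, a request cannot step out of the protected directory or reach other WEB-INF content such as web.xml.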
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
If you still want someone with the right credentials to be able to access those files - in effect password-protecting them - then servlet security may be what you're looking for. The page has some pointers to get you started with that.
Sridhar Venkataraman
Ranch Hand

Joined: May 22, 2006
Posts: 76
Thank you for your responses.

Is that the best starting point for a complete novice to this? Or is there something simpler I should look into first?