• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Restrict raw xhtml files from being typed in the browser directly

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
I want to Restrict raw XHTML Documents from being directly accessed
I've added the security-constraint in the web.xml

.
.
.
<security-constraint>
<display-name>Restrict XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
</security-constraint>


But when I gave the following url in my browser
http://localhost:<port no.>/<application>/<page-name>.xhtml

The xhtml page is getting displayed.


All xhtml files are in the root directory

javascript - folder
.
.
*.xhtml - files
.
.
WEB-INF - folder
 
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can write a servlet filter to block all the *.xhtml access.
 
shiva kalyan
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Venkat for your reply.

<security-constraint> tag should restrict the url patterns specified,
is something wrong with the way i've specified in web.xml?
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Security constraints in web.xml only work if you're using container-based security. That means among other things that you have to have designed the webapp to let the server manage the authentication (login) and authorization processes. Which I recommend, but it's not appropriate in all cases.

The best way to hide the raw .xhtml is to put it underneath the WEB-INF directory. Files and directories inside WEB-INF are effectively invisible to external access.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic