• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Limiting access to resource

 
Radoslaw Sztando
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Guys,


I have following structure of webapps dir

[d]webapps
--[d]Test
----test.txt
----[d]WEB-INF
------web.xml
----[d]archive
------file1.txt
------file2.txt

I want to
1) have access to list of files and files itself in archive dir when someone goes to URL http://.../Test/archive/
2) no access to list of files and files itself in Test dir

I tried DefaultServlet with listings = true mapped to url = /archive/ in my web.xml. What I achieved is requirement 1) and part of 2) - user cannot list Test dir by going to http://.../Test/
BUT user can still access test.txt by explicitly naming it in URL like http://.../Test/test.txt
How to limit access to this file (and all files in Test dir)?

Thanks in advance!
 
Andriy Pererva
Ranch Hand
Posts: 73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why don't you try an Intercepting Filter pattern? Create the implementer of javax.servlet.Filter put to it all the logic of determining whether user is allowed to see this file/directory, or not. If yes, just pass the request forward by calling chain.doFilter(request, response), if no - cut this request off and send to the client something like response.sendError(HttpServletResponse.SC_FORBIDDEN)
 
Alex Pustovit
Greenhorn
Posts: 10
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just put all stuff which you want to hide to the WEB-INF dir.
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic