• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

Restricting Access

 
Ranch Hand
Posts: 152
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I want to restrict access to my site based on role-based authentication.
I have edited Tomcat's conf/tomcat-users.xml file and put in a couple of users.
I have also edited the Root/WEB-INF/web.xml file and have added security constraints.
I want to restrict access to a directory, named Images, which is directly off the Root directory. I can restrict a listing of the directory by adding a line
<url-pattern>/Images</url-pattern>
to the web.xml file. However this does not restrict someone displaying an image if they know the file name; they just append the file name in the address bar. I can then restrict the displaying of this particular file by adding the line
<url-pattern>/Images/hello.gif</url-pattern>
However I want to prevent unauthorised users accessing all gif file in the directory. I thought adding the line
<url-pattern>/Images/*.gif</url-pattern>
would work but it doesn't.
Could anyone tell me how to proceed please?
Thanks in advance
Frank
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!