Restricting access to a WEB-INF subfolder

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

Restricting access to a WEB-INF subfolder

Restricting access to a WEB-INF subfolder

2005-01-25 - By Jean-Christian Imbeault

Back

Reply: 1 2 3 4

I'm pretty much a newbie with J2EE so please bear with me if this question
is a simple or dumb one.

I have an application that is used for letting users see certain documents
(files). CUrrently these files are not in the application directory
structure but out side of it. The current application reads the file off
the disk and streams them back to the user.

Because the files are not under the are outside the application directory
tree (they are in fact quite high above it) the is no way for a user to
directly type a URL to the file and see it. So the files are 'secured'.

Because of performance issues instead of streaming the files as I do now I
would like to simply forward requests to the file itself. Right now this
is not possible because the files are not in the web or WEB-INF folder.

I want to move the directory containing these 'secret' files into either
the web directory or a sub-directory of WEB-INF.

My questions are:

#1- If I put the files under the web directory, a user could write a URL
to the file and see it. Is there any way for me to restrict access to this
directory so that only my servlet can see the files. I.e. a user needs to
request a file through my servlet.

#2- If I put the files under WEB-INF, the files are hidden from users and
they cannot create a URL to see them. However from what I have read it
will also not be possible to forward a request to those files. Is there
any way for me to have my servlet forward requests to file under WEB-INF
while at the same time make it impossible for users to create a URL to
those files?

Thanks,

Jc

===========================================================================
To unsubscribe, send email to listserv@(protected) and include in the body
of the message "signoff J2EE-INTEREST". For general help, send email to
listserv@(protected) and include in the body of the message "help".