Hello Kris, You probably could use a servlet to serve up the .jar file for the applet. In the archive attribute, you could have a call to the servlet which would serve up the .jar file from somewhere other than the public area of the webapp. However, they'd still be able to go to that address to grab the file.
YOu could try using obfuscation to make it so that any decompiled code is so obtuse that it would be pretty much unusable by anyone else. That's probably your best solution. Jake Tuesday, May 07, 2002, 12:31:14 PM, you wrote: KK> One more question Alessio (if you don't mind), KK> If I have to put the jars in a subdirectory of a tomcat context root KK> directory then is there any way to hide them from someone that can download KK> them simply by typing http://mydomainname/applications/jars/myjarfile.jar? KK> Thanks again. KK> Regards KK> Kris KK> -----Original Message----- KK> From: Alessio Fiore [mailto:[EMAIL PROTECTED]] KK> Sent: Tuesday, May 07, 2002 10:12 AM KK> To: 'Tomcat Users List' KK> Subject: R: Help with hiding resources >>Thank you Alessio, >>does this mean that if I put the jar files in WEB-INF/lib directory they >>will be invisible to the browser? The WEB-INF/lib directory is a >>subdirectory off of the Root directory called "applications", which is the >>directory hosting the jsp files launching the applets and as such it should >>be accessible by the applet that the codbase points to applications >>directory (at least this is my understanding). Does Tomcat prohibit the KK> html >>page generated by the <jsp:plugin> from accessing the jar files in the >>WEB-INF/lib directory? And if so do they have to be in a generic directory >>off of the root directory? KK> Yes, WEB-INF and META-INF subdirs of a tomcat context root directory are not KK> accessible externally (so the browser doesn't have access to any file under KK> these dirs). They're just accessible internally (by the server-side KK> application). Your applet files (.class or .jar) must be visible by the KK> browser, because their reference is put in JSP-generated HTML page (that is KK> parsed and managed by the browser itself), so you have to put them under a KK> subdirectory of "applications" other than WEB-INF. KK> Regards KK> Alessio >>Sorry if my mumbling is confusing I am just trying to understand what my >>options are. >>Thanks >>Kris KK> -----Original Message----- KK> From: Alessio Fiore [mailto:[EMAIL PROTECTED]] KK> Sent: Tuesday, May 07, 2002 9:37 AM KK> To: 'Tomcat Users List' KK> Subject: R: Help with hiding resources KK> Hi Kris, the jar that contains the applet and related classes *must* be KK> accessible by the browser. If not the browser could not load it and extract KK> the applet (throwing the java.io.FileNotFoundException). KK> -----Messaggio originale----- KK> Da: Kris Kras [mailto:[EMAIL PROTECTED]] KK> Inviato: marted́ 7 maggio 2002 15.09 KK> A: [EMAIL PROTECTED] KK> Oggetto: Help with hiding resources KK> Hello all, KK> I have an application using jsps, servlets and applets runing under Tomcat KK> 4.03 and Struts 1.0 (win2k server). KK> My application is located under "C:\Tomcat4\webapps\applications\" and all KK> jsp files are there. Some jsps launch applets through <jsp:plugin> tags. KK> Applets are packaged in jars located in KK> "C:\Tomcat4\webapps\applications\jars\". A code fragment launching applets KK> looks like this: KK> <jsp:plugin KK> type = "applet" KK> code = "myapplet.MyAppletClass.class" KK> archive = "jars/myapplet.jar" KK> codebase = "." KK> ... KK> When I run the jsp files everything works great and applets launch KK> correctly. KK> The problem is that with this directory structure the jar files are visible KK> and can be downloaded by typing KK> "http://www.domainmame.com/applications/jars/" or KK> "http://www.domainmame.com/applications/jars/myapplet.jar" and ultimatelly KK> decompiled. I would like to hide the resources (jar files and everything KK> else that is located in subdirectiories of "\applications\". I have tried KK> putting the jar files in "C:\Tomcat4\webapps\applications\WEB_INF\lib\" KK> where all other jar files (struts.jar, etc.) are located, but then KK> regardless of what I used for "archive" and "codebase" parameters in KK> <jsp:plugin> tag I get and file not found exception in the plugin console KK> (java.io.FileNotFoundException: KK> http://www.domainmame.com/applications/WEB-INF/lib/myapplet.jar) even though KK> the jar file is there. KK> I have tried setting the following values for "archive" and "codebase" KK> parameters in <jsp:plugin> tag with the jar file in KK> "C:\Tomcat4\webapps\applications\WEB_INF\lib\": KK> archive = "myapplet.jar" KK> codebase = "." KK> archive = "/WEB-INF/lib/myapplet.jar" KK> codebase = "." KK> archive = "myapplet.jar" KK> codebase = "/" KK> archive = "myapplet.jar" KK> codebase = "/applications/WEB-INF/lib/" KK> None of the combinations worked. Can anyone help me with configuring these KK> two parameters so the Tomcat can find myapplet.jar. KK> Or is there a better solution to hiding resources under Tomcat. KK> Any help would be greatly appreciated. KK> Thanks KK> Kris KK> -- KK> To unsubscribe, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> For additional commands, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> - Disclaimer - KK> This email and any attachments thereto may contain information which is KK> confidential and/or protected by intellectual property rights and are KK> intended for the sole use of the recipient(s) named above. Any use of the KK> information contained herein (including, but not limited to, total or KK> partial reproduction, communication or distribution in any form) or the KK> taking of any action in reliance on the contents, by persons other than the KK> designated recipient(s) is strictly prohibited. KK> If you have received this email in error, please notify the sender either by KK> telephone or by email and delete the material from any computer. KK> Thank you for your cooperation. KK> -- KK> To unsubscribe, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> For additional commands, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> -- KK> To unsubscribe, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> For additional commands, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> - Disclaimer - KK> This email and any attachments thereto may contain information which is KK> confidential and/or protected by intellectual property rights and are KK> intended for the sole use of the recipient(s) named above. Any use of the KK> information contained herein (including, but not limited to, total or KK> partial reproduction, communication or distribution in any form) or the KK> taking of any action in reliance on the contents, by persons other than the KK> designated recipient(s) is strictly prohibited. KK> If you have received this email in error, please notify the sender either by KK> telephone or by email and delete the material from any computer. KK> Thank you for your cooperation. KK> -- KK> To unsubscribe, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> For additional commands, e-mail: KK> <mailto:[EMAIL PROTECTED]> KK> -- KK> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> KK> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- Best regards, Jacob mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>