Actually, the web.xml file for your application is probably your best bet. You can apply security constraints at the file or directory level, and you can also map files or directories so that any reuqest for them must be handled by a controller servlet. How you decide to use these options depends on how you store your user database and what kinds of resources you want to protect. The O'Reilly JSP book covers this, and I expect so do many of the other books on the market.
Lee Butler [EMAIL PROTECTED] 202.326.5931 -----Original Message----- From: Suresh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 05, 2002 5:28 AM To: [EMAIL PROTECTED] Subject: Re: How to protect directory Hi Sourabh, I tried this on Tomcat 3.3 . I'm not really sure abt tomcat 3.2.4 as I too am new to Tomcat. Thanks -Suresh Sourabh Kulkarni wrote: > Hi Suresh, > I am using tomcat 3.2.4, but this listing thing didn't work there. I > tried specifying > <StaticInterceptor listings="false" /> in "server.xml" > but still my application directory list was available for /myApplication. > Which version of tomcat did u try? Is it due to version diff? > -sourabh > > ----- Original Message ----- > From: Suresh <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, March 05, 2002 2:05 PM > Subject: Re: How to protect directory > > > Ideally you should be able to customize context in > "$TOMCAT_HOME\conf\app-yourapplicationname.xml" > > as per your application needs . > > But the documentation specifies > > > > "Currently the SimpleRealm, JDBCRealm, and Logsetter modules are know to > work successfully as > > "context local" modules. Other modules that can be used as "context local" > modules and would be > > useful have yet to be identified." > > > > how ever i tried specifing > > <StaticInterceptor listings="false" /> in "server.xml" > > and overrided this as > > <StaticInterceptor listings="true" /> in "app-myApplication.xml" > > and it worked ( i..e Directory listing was available only for > /myApplication ) . while the reverse > > case didnt work. > > > > -Suresh > > > > > > > > Sourabh Kulkarni wrote: > > > > > Isn't there any way to do the setting in webapp (probably web.xml), > since > > > when application is hosted on shared server these configurations may not > be > > > allowed by the hosting provider. > > > -sourabh > > > > > > ----- Original Message ----- > > > From: Suresh <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Tuesday, March 05, 2002 10:20 AM > > > Subject: Re: How to protect directory > > > > > > > HI Pradeep, > > > > Change the confiduration setting in the server.xml file located at > > > "$TOMCAT_HOME$\conf" directory to > > > > > > > > <StaticInterceptor listings="false" /> > > > > > > > > Restart the tomcat for the change to come in effect. > > > > Thanks > > > > -Suresh > > > > > > > > "[Pradeep Naik]" wrote: > > > > > > > > > Hi, > > > > > > > > > > I am using Tomcat V4.0 as a JSP/Servlet engine. I have following > > > questions.. > > > > > > > > > > User can request the page as (for example, > > > > > http://domain:8080/jsp/workdirectory/login.jsp ) In such case, how > do I > > > > > proetect the directory jsp/workdirectory so that users will not have > > > access > > > > > to see the contents in these directory. > > > > > > > > > > I think, I may need to do something in the server.xml file. Can you > > > please > > > > > help me out.. > > > > > > > > > > Thanks.. > > > > > > > > > > Pradeep.. > > > > > > > > > > > > > > ___________________________________________________________________________ > > > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in > the > > > body > > > > > of the message "signoff SERVLET-INTEREST". > > > > > > > > > > Archives: > http://archives.java.sun.com/archives/servlet-interest.html > > > > > Resources: > http://java.sun.com/products/servlet/external-resources.html > > > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > > > > > > > > > > > ___________________________________________________________________________ > > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the > > > body > > > > of the message "signoff SERVLET-INTEREST". > > > > > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > > > > Resources: > http://java.sun.com/products/servlet/external-resources.html > > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > > > > > > ___________________________________________________________________________ > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the > body > > > of the message "signoff SERVLET-INTEREST". > > > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > > > Resources: http://java.sun.com/products/servlet/external-resources.html > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > > > > ___________________________________________________________________________ > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the > body > > of the message "signoff SERVLET-INTEREST". > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > > Resources: http://java.sun.com/products/servlet/external-resources.html > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
