Paul Gonin wrote:
>
> Hi,
>
> I have a JSP that uses a bean. It uses the following directory structure :
> webapps/myapply/myapply.jsp
> webapps/myapply/web-inf/classes/mybean.class
>
> It works fine but I am annoyed that people can download the bean directly
> and "access" its content because it contains critical information
> (passwords).
>
> How do I protect my bean and more generraly I'd like to protect the whole
> web-inf directory (if it's possible)
>
> Note : I'm using Tomcat standalone.
If you can actually make Tomcat deliver the mybean.class to a
user, it is a serious breach of the API requirements. I am betting
that you can't get Tomcat to serve anything in the WEB-INF directory
to a client.
--
WBB - [EMAIL PROTECTED]
Java Cert mock exams http://www.lanw.com/java/javacert/
Author of Java Developer's Guide to Servlets and JSP
ISBN 0-7821-2809-2
