Paul Gonin wrote:
> Hi,
>
> I have a JSP that uses a bean. It uses the following directory structure :
> webapps/myapply/myapply.jsp
> webapps/myapply/web-inf/classes/mybean.class
>
> It works fine but I am annoyed that people can download the bean directly
> and "access" its content because it contains critical information
> (passwords).
>
> How do I protect my bean and more generraly I'd like to protect the whole
> web-inf directory (if it's possible)
>
> Note : I'm using Tomcat standalone.
>
Tomcat protects the WEB-INF directory for you. This is required by the servlet
specification.
>
> Thanks
Craig McClanahan
