Steve, Since you don't like that you might try this. Set security-constraints for all the file types you want to protect.
Then do NOT set an auth-constraint for it. Thus no one will be able to access it from outside. Have not done this myself, but read it in the docs somewhere. Doug www.parsonstechnical.com PS Unless I am mistaken the file structure is controlled by the servlet spec. Thus Tomcat has no control over this feature. ----- Original Message ----- From: "Stephen Bacon" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Monday, April 19, 2004 2:51 PM Subject: Re: How to hide files by extension under Tomcat 5? > Good idea. Unfortunately, I'd like to keep my file org as-is (it'd be a > bit strange to put all sorts of resources in a directory struture > starting with WEB-INF). > Plus I'm not sure it's a "good thing" to rely on a product-specific > feature (WEB-INF is hidden by Tomcat) for this. What happens if in the > future they dir changes to WEB-INFO - then a bunch of pages would need > re-doing. > Surely there must be a configurable way? This would seem to be a general > req. of any web-server. > thanks, > Steve > > Emerson Cargnin wrote: > > > You can hide all this files inside the WEB-INF directory. It will be > > included when called by a JSP or servlet, but not served directly... > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
