Hi,
I have some trouble with a configuration file for my servlet. At first I
placed it in the web-inf directory as tomcat does not serve files from that
directory to the net.
But when I tried to access it with
URL configURL = mServletContext.getResource("/Web-inf/foobar.xml");
I get a null-pointer and tomcat tells me that it is an unsafe path?!?
Then I put the file in another subdirectory and tried to block any access to
it, but failed. Now I could read the file, but everyone else could too... At
the end of this mail is part of my web.xml.
I am using tomcat 3.2.1 on a NT-Server. I suppose there is a quite simple
solution to this, but I could not find it. So thanks a lot for any help.
Regards,
Peter
<security-constraint>
<web-resource-collection>
<web-resource-name>ConfigFiles</web-resource-name>
<url-pattern>/servlet-config/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin</realm-name>
</login-config>
