2011/2/16 Luis Eric López Fernández wrote: > So my first attempt to fix this is by adding the following lines to the > web.xml file: > > <security-constraint> > <web-resource-collection> > <web-resource-name>RestrictedDirectories</web-resource-name> > > <url-pattern>/AppName/images/*</url-pattern> > > </web-resource-collection> > </security-constraint> > > (*) My app is running on a Websphere app server. > > But it does not seem to work, after performing the changes and redeploying > the app I can still go to: http://server:port/AppName/images/image_name.jpg > and the image is displayed. > > Do you guys have any idea on how to fix this?
If you're having an issue with WebSphere, I'd try asking on a WebSphere forum. IMO it'd be inappropriate to handle this requirement with S2, since it's not really S2-related. It *sounds* like what you're trying to do is to only allow access to static resources if they're requested from within a web page--is that correct? *Why* are you trying to do that? The answer may dictate the solution. You can always stream static resources to the browser via S2, but... if it's page-level resources (images, CSS, etc.) I don't see the point. PDFs etc. I could understand. Dave --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org