Basically you need to implement an Authentication/Authorization system in your app (you can start with Spring Security if you're not comfortable doing a scratch implementation). Then use that system to protect all your assets. (*Chris*)
On Wed, Feb 16, 2011 at 9:24 AM, Vitor De Mario <vitordema...@gmail.com>wrote: > Unfortunately I don't know a solution to the problem, but what he's trying > to do doesn't look that strange to me. I believe Luis'd like to hide his > internal folder structure, probably. Struts 2 URL's are made up, don't > correspond to any physical folders, but .js, .css and the like would > probably have to be referenced directly by the internal folder structure of > the web app. I believe he's trying to hide this, ain't that right? > > On Wed, Feb 16, 2011 at 1:58 PM, Alex Lopez <alo...@flordeutopia.pt> > wrote: > > > Correct me if I'm wrong, I think you could achieve this by doing: > > in web.xml: > > > > <filter> > > <filter-name>struts2</filter-name> > > > > > > > <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> > > </filter> > > <filter-mapping> > > <filter-name>struts2</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > and in struts.xml: > > > > <constant name="struts.action.extension" value=""/> > > <constant name="struts.action.excludePattern" value="/js/.*, /css/.*, > > /img/.*"/> > > > > so struts2 catches all url requests as actions, unless specified in the > > excludePattern list. In your case, I think you would want a blank > > excludePattern (although I don't see why someone would want to restrict > > access to images etc... intended to be loaded as part of the page). > > > > > > Em 16-02-2011 15:17, Luis Eric López Fernández escreveu: > > > > Hello there, > >> > >> I am new with Struts2 and I need to restrict direct access to my app's > >> static content. Right now users can access to images, css, js, and pdfs > by > >> directly typing in the resource URL, something like: > >> > >> http://server:port/AppName/images/image_name.jpg > >> > >> Will take them to the place where the image is stored. > >> > >> As far as I can understand restricting that access is not something that > >> can > >> be done in the struts.xml file because of the following statement: > >> > >> "Requests for static resources, such as images and CSS files, bypass the > >> controller and are handled directly by the container." > >> (Struts2DesignAndProgramming, page 21) > >> > >> So my first attempt to fix this is by adding the following lines to the > >> web.xml file: > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>RestrictedDirectories</web-resource-name> > >> > >> <url-pattern>/AppName/images/*</url-pattern> > >> > >> </web-resource-collection> > >> </security-constraint> > >> > >> (*) My app is running on a Websphere app server. > >> > >> But it does not seem to work, after performing the changes and > redeploying > >> the app I can still go to: http://server:port > >> /AppName/images/image_name.jpg > >> and the image is displayed. > >> > >> Do you guys have any idea on how to fix this? > >> > >> I appreciate your help! > >> Eric > >> > >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > >