Access to the resources isn't the issue, though. Dave
On Wed, Feb 16, 2011 at 12:28 PM, Chris Pratt <thechrispr...@gmail.com> wrote: > Basically you need to implement an Authentication/Authorization system in > your app (you can start with Spring Security if you're not comfortable doing > a scratch implementation). Then use that system to protect all your assets. > (*Chris*) > > On Wed, Feb 16, 2011 at 9:24 AM, Vitor De Mario <vitordema...@gmail.com>wrote: > >> Unfortunately I don't know a solution to the problem, but what he's trying >> to do doesn't look that strange to me. I believe Luis'd like to hide his >> internal folder structure, probably. Struts 2 URL's are made up, don't >> correspond to any physical folders, but .js, .css and the like would >> probably have to be referenced directly by the internal folder structure of >> the web app. I believe he's trying to hide this, ain't that right? >> >> On Wed, Feb 16, 2011 at 1:58 PM, Alex Lopez <alo...@flordeutopia.pt> >> wrote: >> >> > Correct me if I'm wrong, I think you could achieve this by doing: >> > in web.xml: >> > >> > <filter> >> > <filter-name>struts2</filter-name> >> > >> > >> > >> <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> >> > </filter> >> > <filter-mapping> >> > <filter-name>struts2</filter-name> >> > <url-pattern>/*</url-pattern> >> > </filter-mapping> >> > >> > and in struts.xml: >> > >> > <constant name="struts.action.extension" value=""/> >> > <constant name="struts.action.excludePattern" value="/js/.*, /css/.*, >> > /img/.*"/> >> > >> > so struts2 catches all url requests as actions, unless specified in the >> > excludePattern list. In your case, I think you would want a blank >> > excludePattern (although I don't see why someone would want to restrict >> > access to images etc... intended to be loaded as part of the page). >> > >> > >> > Em 16-02-2011 15:17, Luis Eric López Fernández escreveu: >> > >> > Hello there, >> >> >> >> I am new with Struts2 and I need to restrict direct access to my app's >> >> static content. Right now users can access to images, css, js, and pdfs >> by >> >> directly typing in the resource URL, something like: >> >> >> >> http://server:port/AppName/images/image_name.jpg >> >> >> >> Will take them to the place where the image is stored. >> >> >> >> As far as I can understand restricting that access is not something that >> >> can >> >> be done in the struts.xml file because of the following statement: >> >> >> >> "Requests for static resources, such as images and CSS files, bypass the >> >> controller and are handled directly by the container." >> >> (Struts2DesignAndProgramming, page 21) >> >> >> >> So my first attempt to fix this is by adding the following lines to the >> >> web.xml file: >> >> >> >> <security-constraint> >> >> <web-resource-collection> >> >> <web-resource-name>RestrictedDirectories</web-resource-name> >> >> >> >> <url-pattern>/AppName/images/*</url-pattern> >> >> >> >> </web-resource-collection> >> >> </security-constraint> >> >> >> >> (*) My app is running on a Websphere app server. >> >> >> >> But it does not seem to work, after performing the changes and >> redeploying >> >> the app I can still go to: http://server:port >> >> /AppName/images/image_name.jpg >> >> and the image is displayed. >> >> >> >> Do you guys have any idea on how to fix this? >> >> >> >> I appreciate your help! >> >> Eric >> >> >> >> >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> > For additional commands, e-mail: user-h...@struts.apache.org >> > >> > >> > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
