I'll second that one. A basic filter that checks the request for .bak, .java, .whatever is relatively easy and transparent (you don't have to change even one line of your existing code). When you find one of those banned extensions, just return a 403 (forbidden) or 404 (not found) on the response. If not, just chain the request along to its next step in the process -- probably a servlet or JSP.

--David


Lucas Galfaso wrote:
I think that a new servlet to filter these files is not the proper
approach, and you should use a filter :)

- LG

On 5/18/07, Milanez, Marcus <[EMAIL PROTECTED]> wrote:
Is it possible to prevent the request of unwanted extensions, like
*.bak, *.java and so on, through web.xml file? My solution was creating
a servlet that gets mapped to these extensions, but I could realize that
it doesn't work along with DWR for example...  The problem is that when
I invoke something like myapp/dwr/file.java, this URL is mapped to dwr
servlet instead of ForbiddenFilesController. Does anybody know how to
solve that?


My web.xml contains the following lines:

...
    <servlet-mapping>
        <servlet-name>ForbiddenFilesController</servlet-name>
        <url-pattern>*.java</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>dwr-invoker</servlet-name>
        <url-pattern>/dwr/*</url-pattern>
    </servlet-mapping>
...

And my controller has the following lines of code:

        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                        throws ServletException, IOException {
                // forbidden
                resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
                //resp.getWriter().close();
        }

        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                        throws ServletException, IOException {
                // forbidden
                resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
                //resp.getWriter().close();
                // super.doPost(req, resp) removed: HttpServlet's default doPost
                // calls sendError and would replace the 403 set above
        }
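
The filter approach suggested in the replies above, as an added example that is not part of the original thread or any poster's code. The class name ForbiddenExtensionFilter is hypothetical, and the banned set holds only the two extensions named in the question.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter. Declare it in web.xml with <filter> and a
// <filter-mapping> whose <url-pattern> is /* so it runs in front of
// every servlet mapping, including /dwr/*.
public class ForbiddenExtensionFilter implements Filter {

    // Extensions from the thread; extend the set as needed.
    private static final Set<String> BANNED =
            new HashSet<String>(Arrays.asList("bak", "java"));

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // servletPath + pathInfo is the container-decoded path without the
        // query string, so "?x=1" after the file name does not hide the extension.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        String name = path.substring(path.lastIndexOf('/') + 1);
        int dot = name.lastIndexOf('.');
        // Lower-case so that FILE.JAVA and file.Bak are caught as well.
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);

        if (BANNED.contains(ext)) {
            // sendError commits the response; the target servlet is never invoked.
            ((HttpServletResponse) resp).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, resp); // not banned: continue to the servlet or JSP
    }
}
```

Because the filter is matched independently of servlet mappings, a request such as myapp/dwr/file.java is rejected before the dwr-invoker servlet sees it.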


