Thanks everybody for your ideas and responses. Just to make things clear to everyone, I'm *NOT* storing .java files inside my web folder. What happens is DWR servlet accepts requests for addresses that ends with .java extensions, giving the impression that these files exists. Worst still, automated security test tools warns me about that all the time, so I had to find a solution to block this behaviour.
Just like many of you suggested, I 've implemented a filter to get that job done. Thank you! -----Mensagem original----- De: Rashmi Rubdi [mailto:[EMAIL PROTECTED] Enviada em: sábado, 19 de maio de 2007 12:31 Para: Tomcat Users List; [EMAIL PROTECTED] Assunto: Re: Prevent unwanted requests I agree, there's no need to place .java files, the .class files under /WEB-INF/ are sufficient. Unless you're writing an Applet, which has to exist outside /WEB-INF/ , all other classes are protected from browser/ client access when they're under /WEB-INF/ -Rashmi On 5/19/07, Pid <[EMAIL PROTECTED]> wrote: > This is less programmatical than pragmatical but you could try not > putting your .java files on the web server... > > :oP > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]