I would appreciate if you would give me some hints how this dispatcher servlet should work. Also, what needs to be done to restrict Tomcat to list the directories that contain java script and images. thanks
On 9/26/07, Mikolaj Rydzewski <[EMAIL PROTECTED]> wrote: > > alla winter wrote: > > My application can crate report on a fly ( a file) for an authorized > > clients. The client authentication is conducted by the > application and > > Tomcat is not involved in this process. Other clients may create a file > in > > the same directory, but the application will show the links only to the > > files that were created by this particular user ( the userID is a part > of > > the file name). How can I ensure that others cannot view this file by > just > > typing the URL in the browser and list all the files under this > directory? > > > Just do not create files in work readable directory. Store files > somewhere outside application directory and display them with some kind > of dispatcher servlet. > > -- > Mikolaj Rydzewski <[EMAIL PROTECTED]> > > >
